More annual reports from Gorman-Rupp Co.:
2023 ReportPeers and competitors of Gorman-Rupp Co.:
CLPS IncorporationGRC International Group plc Unit 3, Clive Court Bartholomew’s Walk Cambridgeshire Business Park Ely CB7 4EA T: 0330 999 0222 www.grci.group Our expertise, your peace of mind Annual Report & Accounts 2022 G R C I n t e r n a t i o n a l G r o u p A n n u a l R e p o r t & A c c o u n t s 2 0 2 2 We believe we are a global leader in integrated cyber and privacy compliance solutions 263613 GRC Annual Report 2022 Cover with spine.indd 2-3 263613 GRC Annual Report 2022 Cover with spine.indd 2-3 31/08/2022 11:54 31/08/2022 11:54 CONTENTS Strategic Report 1-29 Highlights At a Glance Chairman’s Statement Chief Executive Officer’s Review Market Overview Business Model Our Strategy Our Strategy in Action Financial Review Risk Management Key Performance Indicators Stakeholder Engagement 1 2 4 8 12 14 16 18 20 24 26 28 Corporate Governance 31-47 Governance Report Application of the QCA Code Board of Directors Audit Committee Report Remuneration Committee Report Directors’ Report Statement of Directors’ Responsibilities 32 34 38 40 43 46 47 Financial Statements 49-95 Independent Auditor’s Report Consolidated Income Statement Consolidated Statement of Comprehensive Income Consolidated Balance Sheet Consolidated Statement of Changes in Equity 50 56 56 57 58 Consolidated Statement of Cash Flows 59 Nature of Operations and General Information Notes to the Financial Statements Company Balance Sheet 60 69 87 Company Statement of Changes in Equity 88 Notes to the Company Financial Statements 89 We are a global cyber security and technology Group with an integrated and diverse range of products and services which deliver comprehensive and multi-tiered Cyber Defence-in- Depth strategies for our clients. Our off-the-shelf and tailored solutions help organisations seamlessly manage the increasingly complex cyber and privacy compliance all organisations face today. From ISO 27001, PCI DSS and Penetration Testing to Cyber Security as a Service and DPO as a Service to Privacy by Design and Data Water marking, our specialist services and professional expertise give clients, both large and small, peace of mind. As a Group, we believe we have the most comprehensive and integrated global portfolio of cyber and privacy solutions. Our combined expertise makes us the business world’s go-to resource for robustly managing cyber threats alongside meeting global privacy requirements. 263613 GRC Annual Report 2022 Cover with spine.indd 5-6 263613 GRC Annual Report 2022 Cover with spine.indd 5-6 31/08/2022 11:54 31/08/2022 11:54 Designed and printed by Perivan 1 21%1 £14,794 OPERATIONAL HIGHLIGHTS TOTAL BILLINGS2 (£’000) £14,794 2022 2021 £12,252 WEBSITE VISITS (‘000) 4,312 2022 2021 17%1 4,312 3,691 AVERAGE FTE HEADCOUNT 164 2022 2021 WEBSITE REVENUE (£’000) 10%1 164 149 54%1 £6,161 HIGHLIGHTS We emerged strongly from the pandemic, with strong top and bottom line growth throughout last year. We are seeing solid organic growth in all our lines of business and our operations in the EU and USA have become established and the Group is seeing steady, profitable progress. FINANCIAL HIGHLIGHTS REVENUE (£’000) £13,902 2022 2021 18% £13,902 £11,760 LOSS AFTER TAX (£’000) £(997) 2022 £(997) (61)% 2021 £(2,571) EBITDA (£’000) £954 2021 £(1,131) (184)% 2022 £954 EARNINGS PER SHARE (UNDILUTED) (0.98)p 2022 (0.98)p (62)% 2021 (2.58)p LOSS BEFORE TAX (£’000) £(1,003) (65)% £(1,003) £(2,835) 2022 2021 We have repositioned the Group’s core messaging and service offerings around the concept that our expertise delivers customer peace of mind. We believe this will raise customer perceptions of our value, support cross-selling, encourage longer term customer engagement and improved sales margins, and enables us to easily identify where bolt-in acquisitions fit into the Group. We have continued investing in infrastructure and product development across all divisions and regions. Exciting new product launches have been driven both by market demand and how our experts see the future of cyber compliance developing. These include: • Cyber Security as a Service, Privacy as a Service, Remote Working Security Assessment Service, EU-US Data Transfers Assessment and Action Plan, a portfolio of ISO 27701 PIMS Training and Consultancy Services, and improved penetration testing and vulnerability scanning for remote working £6,161 2022 2021 £4,002 • Our growth has been driven by the changing threat landscape created by digital transformation, migration to cloud and the widespread adoption of hybrid working and working from home. All of the Group’s services and products can now be deployed remotely to suit the evolving needs of organisations across the globe • We have seen significant organic growth across website traffic in our fledgling businesses IT Governance EU and USA, indicating that our tried and tested, established UK growth strategy is working effectively across new jurisdictions which puts us in a strong position for significant future growth • 2019’s data privacy acquisition, DQM GRC, has been firmly embedded within the Group and its Privacy by Design and Data Watermarking service continue delivering profitable growth • We have unified the Group’s marketing under one value proposition and future developed our brand strategy to ensure subsidiaries work seamlessly together to further increase up and cross selling within the Group • The Group has clearly demonstrated resilience and success through uncertain times which we now plan to build on as we look forward to developing further opportunities in the cyber and privacy markets BILLINGS PER MONTH PER FTE £7,477 2022 2021 £7,477 (25)%1 £9,988 NET CUSTOMER ADDITIONS 3,020 2022 2021 (13)%1 3,020 3,477 1 Year-on-year: 2022 compared with 2021. 2 The relationship between billings and revenue is explained on page 20. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20222 AT A GLANCE A comprehensive suite of integrated cyber defence-in-depth products and services We are a global cyber security business whose main brand IT Governance, uses our wide-ranging and in-depth expertise to build and package comprehensive Cyber Defence-in-Depth solutions and strategies for our clients, regardless of the organisation’s size, maturity or business sector. ORGANISATIONS NEED A MULTI-LAYERED, RISK-BASED APPROACH TO BUILD CYBER RESILIENCE 1st line LARGELY DETECTIVE: Continual vulnerability scanning, authentication policy and phishing staff awareness training 2nd line LARGELY PREVENTIVE: Penetration testing, incident reporting, Cyber Essentials, security- trained IT support, cyber security and GDPR staff awareness training 3rd line LARGELY PREVENTIVE, BUT MORE MATURE: Embedded, risk-based security controls (e.g. ISO 27001 certification) 4th line CORRECTIVE: Supply chain security management, business continuity management, IT disaster recovery 5th line RECOVERY: Cyber security insurance The simplest and most effective solution for organisations worldwide is access to a supplier that can address all of their IT governance, compliance and risk management needs with an integrated and comprehensive product and service portfolio. We are that solution. We work with customers across the globe to address their unique cyber and compliance challenges. This includes: • • • Working with clients to build and deploy practical business-focused security and privacy structures that meet multiple compliance requirements, enabling them to thrive in competitive markets Providing platforms and expertise that help organisations successfully manage their increasing global cyber and privacy compliance, regulatory and legislative burdens Helping to fill the resource and capability gap caused by the shortage of skilled cyber and privacy professionals who are fundamental to successful cyber and privacy compliance operations A COMPREHENSIVE SUITE OF INTEGRATED CYBER SECURITY AND DATA PROTECTION SOLUTIONS – FACILITATING CROSS- AND UP-SELLING SWIFT AND CLOUD SECURITY SOC 2 SERVICES EU & UK GDPR REPRESENTATIVE CYBER ESSENTIALS ISO 27001 SERVICES PRIVACY BY DESIGN DATA BREACH MANAGEMENT ISO 22301 SERVICES DISASTER RECOVERY PCI DSS PENETRATION TESTING RISK MANAGEMENT SUPPLIER AUDITS DPO AS A SERVICE DATA WATERMARKING POST-BREACH SUPPORT CONTINUITY PLANNING CYBER INCIDENT RESPONSE CYBER SECURITY INFORMATION SECURITY DATA PRIVACY INCIDENT RESPONSE BUSINESS CONTINUITY MANAGED CYBER SECURITY AND PRIVACY SERVICES INTEGRATED CYBER SECURITY AND PRIVACY SOLUTIONS ADVISORY TESTING & AUDIT COMPLIANCE PLATFORMS LEARNING PLATFORMS CONTENT PLATFORMS GRC: GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20223 OUR DIVISIONAL STRUCTURE Over the past four years we have grown from a niche information security and privacy training and consultancy business into a broader Governance, Risk and Compliance Group with a unique Cyber Defence-in-Depth model and a service offering structured around three divisions: e-Commerce, SaaS and Professional Services. Across these three divisions, we work to improve our customers’ cyber resilience and compliance postures. We use our expertise to deliver comprehensive and robust Cyber Defence-in-Depth solutions that are tailored to our customers’ risk appetites, budgets and business goals. This gives them peace of mind and allows them to focus on what their business does best. OPERATING STRUCTURE: • Our primary focus is on people and process domains, and on national and international standards. Unique point solutions integrated to deliver cyber resilience and defence-in-depth e-Commerce • Eight B2B e-commerce websites • ‘Learn from Anywhere’ training delivery model • Publications business: Cyber security, GDPR, Privacy/data protection, risk & compliance • Wide range of books and standards. 26% OF FY 2022 REVENUE Services Helping corporate and public organisations meet compliance and cyber risk management objectives • Penetration testing • PCI DSS & Cloud compliance • Legal, GDPR & DPO services • GDPR & GRC Consultancy Services. Software as a Service • CyberComply platform • Cyber Essentials certification • Vulnerability Scanning • GRC e-learning • Privacy as a Service • Document Kits templates. 47% OF FY 2022 REVENUE 27% OF FY 2022 REVENUE • • • We have a wide-ranging, proprietary product and service offering, supported by substantial IP. We have the market-leading IT Governance brand, with a unique Cyber Defence-in-Depth model. We are sector-agnostic and UK-based, with strongly developing businesses in USA and EU, and Asia-Pacific toehold. • • • • We protect our clients, and help them to comply and thrive in an increasingly complex cyber risk environment. Our SaaS division embeds and provides longer term support across the spectrum of cyber and privacy requirements Our e-commerce division attracts clients and provides them their first experience of our expertise and service quality Our service division expands these relationships providing hands-on implementation advice, ongoing support and continual improvement in the face of evolving threat and regulatory challenge We believe the Group is a market leader for Cyber Defence-in-Depth strategies and resources – we can help organisations put a Defence-in-Depth model together, resource it, deploy it, maintain it and adapt it to the changing threat environment. Our Cyber Defence-in-Depth approach means we sell long term strategic relationships to our clients, which provides key cross-selling and up-selling opportunities across the Group. Our offering scales with mass automation at the lower organisational size and with bespoke options at the solutions at the enterprise end. OUR CUSTOMERS INCLUDE: BAE Systems, Barclays, BBC, BT, Carlsberg, Dominos, Dun and Bradstreet, Freshfields Bruckhaus Deringer, Grant Thornton, Halfords, HSBC, John Lewis, Kubota, National Health Service, Next, Inmarsat, Royal Mail, Sipchem, Slaughter & May, Thames Water, The Bank of England, UK national and local government departments, Vodafone, Volkswagen, US Army, PwC. WHERE WE ARE: We are a global group of companies that offers in-country delivery tailored to local needs and cultures. Physical offices: UK, Ireland and the United States. Website: 11 regional websites; in the EU we also provide country-level access to all 27 member states. CROSS SALES / DIVISION 1 2 3 Service Centre Websites CRM System(s) ITGP Books & Toolkits EU and USA Channel Team 26% E-Commerce Division Training. Distribution. UK Digital Marketing. Cloud and PCI training. 1 2 27% SaaS Division Cyber Essentials. GRC e-Learning, (incl. Bespoke). GDPR.co.uk. Vigilant Software. EU/UK Rep and CSaaS. 47% 3 Services Division GDPR and GRC Consultancy. Technical Services. GRCI Law. DQM GRC. Cloud Consultancy, SOC2 Consultancy, Cyber Incident Response. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20224 CHAIRMAN’S STATEMENT Andrew Stephen Brode Chairman GRC International has positioned itself as a market-leading IT Governance brand with a unique Cyber Defence-in-Depth model providing cyber security regulation, and data compliance products and services delivered via a variety of channels. Its clients are global and demanding. Strategically, we aim to have overseas revenues eventually overtake those generated domestically. Revenues grew by 18% to £13.9m, and the loss for the year was significantly reduced from £2.8m to £1.0m. OVERVIEW I take great pleasure in introducing GRC International’s Annual Report for the year ended 31 March 2022, the Group’s fifth Annual Report since it was listed on the London Stock Exchange’s AIM market in March 2018. GRC International has positioned itself as a market-leading IT Governance brand with a unique Cyber Defence-in-Depth model providing cyber security regulation, and data compliance products and services delivered via a variety of channels. Its clients are global and demanding. Strategically, we aim to have overseas revenues eventually overtake those generated domestically. The year covered by this Annual Report has witnessed a significantly increased focus upon sustainability within the context of ESG developments. Cyber security, business continuity and data protection issues have risen to the top of the corporate and public sector agendas, and your Board re-iterates its confidence that the Group is well- positioned to benefit from these trends. PERFORMANCE The Group has emerged from the lengthy Covid-19 pandemic period in good health. Whilst the balance sheet still bears the significant scars of the pandemic downturn, the management team navigated a successful recovery, with financial assistance from the government and a successful equity raise from investors in January this year. Revenues grew by 18% to £13.9m, and the loss for the year was significantly reduced from £2.8m to £1.0m. More importantly, the Group was profitable at the EBITDA level for FY22 and on into FY23. PEOPLE GRC International is a quintessential people business. We learned very quickly during the Covid-19 pandemic how to sustain the business whilst our people overwhelmingly worked from their homes. This has largely continued to be the case even as restrictions have been lifted. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20225 5 Our employees have shown dedication, hard work, skills, passion and commitment to delivering the quality of service our clients demand. On behalf of the Board, I would like to place on record our appreciation for the manner in which they have responded to the many challenges they encountered. LOOKING FORWARD The Board is enthused by the outlook for further progress in FY23. Despite a deteriorating economic outlook, the critical importance played by the Group’s products and services in business sustainability continues to develop. The results for the first months of FY23 underpin the management’s optimism about the outcome of the year as a whole. Andrew Brode Chairman 30 August 2022 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20222022 2019 2017 2020 2018 2016 We are an established cyber security and privacy business, and we believe we are uniquely positioned to help our clients achieve cyber resilience and regulatory compliance through our range of innovative and integrated Cyber Defence-in-Depth solutions. 2012 6 OUR STORY SO FAR HISTORY Cyber security and privacy are two sides of the same coin – organisations must demonstrate appropriate technical and operational security measures in order to demonstrate privacy compliance. TIMELINE 2022 Launched Cloud Security Consultancy services. Successful growth of the consulting division leads to the launch of IT Governance’s penetration testing solutions. 2010 Launched Cyber Security as a Service (CSaaS) and Privacy as a Service (PaaS) solutions. 2020 2008 IT Governance launches training division focusing on information security management and ISO 27001 courses. 2019 GRC International Group acquires DQM GRC and establishes GRCI Law a legal, risk and compliance consultancy firm. IT Governance launches consultancy division focusing on information security and management system standards. 2007 GRC International Group becomes the holding company and is admitted to trading on the LSE’s AIM. US subsidiary incorporated and office opens in New York. The Group acquires www.gdpr.co.uk. 2018 2006 IT Governance Ltd co-founds Vigilant Software to develop software that help organisations assess and reduce information security risks. 2017 First to market with GDPR training courses, qualifications and consultancy services. E-commerce website launches selling books and documentation toolkits on information security. 2005 Irish subsidiary incorporated and office opens in Drogheda (IT Governance Europe Ltd). 2016 2002 Incorporation of IT Governance Ltd. Alan Calder, CEO, becomes sole shareholder and is appointed Director. 2012 Vigilant Software Ltd becomes a wholly owned subsidiary of the Group. Two of our directors, Alan Calder and Steve Watkins, become the first people in the UK to successfully implement an ISMS compliant with BS 7799 (the precursor to ISO 27001). 1997 2008 2006 2002 2010 2007 2005 1997 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 7 OUR MISSION We serve an international customer base and deliver a broad range of integrated, high-quality solutions that meet the real-world needs of today’s organisations, directors and practitioners. Our mission is to use our Group’s combined expertise to deliver peace of mind to organisations across the globe, and to help them: PROTECT their business assets and intellectual capital COMPLY with the worldwide increase in regulation and legislation THRIVE as they use improved cyber and privacy practices to achieve business goals OUR VALUES GRC International Group is a dynamic and fast-paced business that is dedicated to: 1. Solving our clients’ real business problems 2. Being open and transparent with our clients, partners and other stakeholders 3. Being honest, responsible and accountable for the work we do 4. Collaborating with our colleagues and stakeholders 5. Showing leadership and initiative both within the business and externally 6. Delivering results and exceeding our clients’ expectations STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20228 CHIEF EXECUTIVE OFFICER’S REVIEW Alan Philip Calder Chief Executive Officer Our technology capabilities and our track record, together with our deep expertise and Cyber Defence-in-Depth model, provide our clients with peace of mind. They know that our comprehensive, integrated range of products and services enables them to build cyber resilience through deploying our Cyber Defence-in-Depth solutions. The Group performed strongly through calendar 2021 and this continued through Q4 of FY22. March 2022 was our best month of billing since May 2018, despite the economic and geopolitical headwinds. OVERVIEW Importantly, we achieved our two key objectives last year. The first was to improve the quality of earnings and forward visibility of our revenue while delivering significant organic growth. The second was to deliver positive EBITDA. The Group performed strongly through calendar 2021 and this accelerated into Q4 of FY22. March 2022 was our best month of billing since May 2018, despite the economic and geopolitical headwinds. Year on year, overall billings were up 20%, recurring billings were up to 56% (FY21: 51%) of total billings with our subscription numbers up 41% to 5,089. Transactions from returning customers was also up to 57% of the total. As a result, we saw organic revenue growth of 18%. We moved strongly into positive EBITDA, achieving £1.0m against a prior year EBITDA loss of £1.1m, a turnaround of just over £2m. We also successfully completed a £3m oversubscribed share placing in January 2022. This enables us to continue to invest in products and business automation, that substantially improves our profitability, as well as to strengthen the balance sheet position and support working capital. STRATEGY As we have said before, we are seeing significant international growth opportunities in the digitally transformed, Cloud- based, increasingly vulnerable, hybrid- working environment as a result of: • • • Corporates, large and small, domestic and multinational, having to deal with increasingly complex regulations and enforcement in the Group’s three primary geographic markets of UK, EU and US All clients facing escalating nation-state and criminal (serious organised crime) cyber-attacks Significant and deep-seated cyber and compliance skills deficits. In this environment, our strategy is to accelerate growth nationally and internationally, organically and by acquisition. Today’s fragmented and rapidly growing international cyber markets offer significant organic and consolidation opportunities. The Group’s resilience and agility will enable it to exploit those opportunities in the years ahead. The Group’s medium-term objective is to build annual revenue, both organically and through acquisition, to approximately £50m, with gross margins and EBITDA margins in the order of 65% and 25% respectively. Incentives are being put in place to ensure alignment throughout the organisation with these objectives. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 20229 CURRENT TRADING AND OUTLOOK The strong sales momentum, billings, numbers of new business leads and cash generation in Q4 FY 22 has continued into the current financial year. Importantly, we ended the last financial year with £2.4m of FY23 revenue already invoiced. Our overall growth is driven by client acquisition through our e-commerce division, the continued development of expertise through our services division to solve client problems and create opportunities for SaaS deployment. The SaaS division underpins our Cyber Defence- in-Depth offering and is expected to support continued double-digit organic divisional billings growth in the current financial year. We will continue to invest in our e-commerce and SaaS infrastructure in order to extend our automated fulfilment and customer support. This enables our account managers to concentrate on landing and expanding our client relationships, which improves forward revenue visibility, widens gross margins and increases customer lifetime value. After a strong final quarter in FY22 momentum has continued into the first five months of the new financial year. Trading remains robust and in line with expectations. The substantial progress made last year should support the Group’s long term growth aspirations. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202247% OF FY 2022 REVENUE +0% YOY PERFORMANCE 10 CHIEF EXECUTIVE OFFICER’S REVIEW CONTINUED OPERATIONAL REVIEW Operational execution Our technology capabilities and track record, together with our deep expertise and Cyber Defence-in-Depth model, provide our clients with peace of mind. They know that our comprehensive, integrated range of products and services enables them to build cyber resilience through deploying our Cyber Defence-in-Depth solutions. We support our clients, helping them comply and thrive while they tackle cyber resilience, compliance and data protection. Our primary focus is on the people and process domains, and on ensuring that our solutions align with appropriate national and international standards. Our productised services and packaged offerings simplify choice for smaller customers. It also enables effective cross and up-selling. At the same time, our expertise enables us to create custom solutions for corporate and enterprise clients. Our wide-ranging, proprietary product and service offering, supported by substantial IP, is primarily delivered through the market- leading IT Governance brand and our unique Cyber Defence-in-Depth model. During the last financial year, we continued to invest in and build on our 20 years of content marketing, book publishing, PR activity and Search Engine Optimisation (SEO) dominance which resulted in growing volumes of incoming customers seeking specific solutions. We also continued to add external service accreditations, wide-ranging customer endorsements and high Net Promoter Score (NPS) scores to help convert incoming customers. International development The Group is well established in the UK and its main brand, IT Governance, has significant recognition. Our businesses now are also established in the US and EU where we see significant organic and M&A growth opportunities. Our initial Asia-Pacific website is open as we begin to explore a number of regional opportunities. Quality and accreditations Our business management system continues to be accredited to ISO/IEC 27001, ISO/ IEC 27701, BS 10012 and ISO 9001. These accreditations, combined with those from professional bodies such as CREST, the UK’s National Cyber Security Centre (NCSC), and the Payment Card Industry Data Security Standard (PCI SSC), our Cyber Essentials Plus certificate and from training organisations and exam institutes, such as the International Board for IT Governance Qualifications (IBITGQ), ISC2, ISACA, BCS and the UK’s CIISec, are all reflections of the care we take to ensure that we practice what we preach. Our focus on quality is reflected in our NPS scores, which we use for engaging customer feedback. We achieve average scores across the Group in excess of 50, which is a consistently ‘Good’ score. Divisional performance Services Our services division helps corporate and public organisations meet compliance and cyber risk management objectives. This division offers: • • ISO/IEC 27001 (and related standards) implementation, audit and support services A wide range of cyber security management systems and control implementations • Penetration testing • PCI DSS & Cloud compliance • Legal, GDPR Data Protection Office (DPO) and Privacy by Design services We continued to increase our penetration of the mid-size enterprise market, with wins of multi-year contracts from key customers around the world. We also steadily increased the numbers of clients who are signed up to ongoing annual PCI QSA, Penetration testing, ISO 27001 support, DPO and EU/UK representative contracts. During Q4, the Group’s cyber security incident response service achieved CREST accreditation. This, combined with GRC’s unique Cyber Safeguard service package, which includes cyber insurance from Hamilton Insurance, enables the Group to support a growing number of customers that are particularly exposed to cyber attacks. On 1 April 2022, the Group launched a Cloud Security consultancy service to help mid-sized corporate clients ensure that their Cloud infrastructures are securely configured. The service is fully described on the UK website and sold directly to our existing medium and large consultancy clients through our consultancy and professional services teams. Allied with the Group’s Microsoft Global Training Partnership, this expands the footprint in the fast-growing Cloud security market. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202211 OUR VALUE PROPOSITION OUR EXPERTISE, YOUR PEACE OF MIND The Board believe that GRC International has the most comprehensive suite of cyber security and privacy products and services in the world. Our mission is to use our cohesive and in-depth expertise as a Group to give our customers complete peace of mind for every unique cyber and privacy challenge they face, with a holistic approach to cyber security and compliance through comprehensive and robust Cyber Defence-in-Depth solutions. OUR EXPERTISE IN THE MEDIA Our experts are thought-leaders who are constantly future- gazing and analysing the threat landscape. Our Group has some of the best minds in compliance and cyber security that are regularly asked for commentary within the media on key industry topics. CNBC, The Daily Telegraph, The Financial Times, MSN, Business Insider, TechRadar Pro, Computer Weekly, Compliance Week, SC Media. 26% OF FY 2022 REVENUE +50% YOY PERFORMANCE 27% OF FY 2022 REVENUE +32% YOY PERFORMANCE e-Commerce This division encompasses: • Eight B2B e-commerce websites • • ITGP, our publishing business, offers a wide range of books and standards, covering cyber security, GDPR, privacy/ data protection, risk & compliance ‘Learn from Anywhere’ training delivery model, with accredited training for a wide range of cyber security and privacy qualifications We made significant progress with developing self-paced versions of all the best-selling instructor-led courses in our portfolio. This enables us to target markets and time zones for which our Instructor-led offering is either difficult to attend or unaffordable. Software as a Service This division is focused on delivering cyber security and privacy subscription solutions from a growing range of cloud- based platforms. These include: • Cyber Comply GRC platform • Cyber Essentials certification • Vulnerability Scanning • GRC e-learning (staff awareness training) • Privacy as a Service • Document Kits templates • Cyber Safeguard, our Cyber security as a Service offering We significantly expanded the range of cyber security and privacy standards and frameworks that can be addressed though the CyberComply platform. At the same time, we started expanding the staff awareness e-learning portfolio outside the core cyber security and privacy product range to include the other GRC subjects (such as anti-bribery and anti- money laundering) that clients expect to see on GRC staff awareness platforms. Alan Calder Chief Executive Officer 30 August 2022 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202212 MARKET OVERVIEW A global market driven by the growing volume and scale of cyber security threats The growing market for cyber security and privacy services is driven predominantly by four inter-linked trends: 1. Digital transformation, migration to Cloud and hybrid working models create new security and privacy vulnerabilities for all organisations. 2. Nation states, serious organised crime and cyber criminals are becoming increasingly adept and sophisticated in exploiting these vulnerabilities to compromise operations and steal assets. 3. Governments around the world are responding to these changes by increasing the range and weight of cyber and privacy- related law and regulation. 4. Significant cyber and privacy skills gaps in the market mean that most companies are unable to properly and fully resource their response to these challenges. According to the UK government’s CSBS 2021, three-quarters (77%) of businesses said cyber security is a high priority for their directors or senior managers. Many organisations identified that COVID-19 and the ensuing move to home working initiated substantial changes in their digital infrastructure, which led to substantial cyber security challenges. The Verizon Data Breach Investigations Report 2021 (an authoritative report which draws on global data) identifies that 85% of cyber breaches involved a human element and their financial impacts ranged between USD 65 and USD 1.2 million. Ransomware attacks continue to be the most costly as financially motivated attacks and serious organised crime continue to dominate the threat actor statistics. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202213 WE OPERATE IN A GROWING AND GLOBAL MARKET Due to the ’one-stop shop’ nature of GRC International’s business, it is difficult to confirm the exact size of the global market for the Group’s products and services. However, there are a number of research reports that indicate the size and growth rate of this market: • • • • Ransomware will attack a device every 2 seconds by 2031 – up from every 11 seconds in 2021 (Cybersecurity Ventures) Cybercrime damages will increase by 15% pa to $10.5 trillion by 2025, up from $3 trillion in 2015 (Cybersecurity Ventures/ MasterCard) The cybersecurity workforce gap is 2.72 million people (ISC2 Research) Cybersecurity market will grow by 2026 to £352 billion, a 14.5% CAGR (Mordor Intelligence plc) GRC INTERNATIONAL OFFERS A UNIQUE PROPOSITION TO THE MARKET In response to market trends in cyber security, there is a rising number of consultancies, including the six major accountancy firms, who now offer cyber security services. However, the Board maintains that there are no other companies offering either the wide range of products and services that GRC International provides, or the IT Governance Cyber Defence-in-Depth model, whether in the UK or elsewhere. Furthermore, the Board believes that the Group’s depth and breadth of expertise enables it to offer unique bespoke solutions to clients seeking to address their IT governance, risk management and compliance requirements in a way that fits with their other business processes and objectives and enables them to protect their assets and operations while also meeting compliance objectives and thriving by securely delivering to their own customers. Ernst & Young, in its 2021 Global Information Security Survey, said: ‘Over the last year, every organisation has had to transform at an accelerated speed that would have been thought impossible just a short time ago. However, many organisations did not involve cybersecurity in the decision-making process, either due to oversight or urgency of the need to adapt. As a result, these organisations need to address the risks and potential vulnerabilities that were introduced during their transformation efforts at the height of the pandemic while also ensuring cybersecurity resilience for the next major disruption in this fast-moving environment.’ THE NEED FOR END-TO-END COMPLIANCE ACROSS THE SUPPLY CHAIN WITH LEGAL AND REGULATORY OBLIGATIONS IS FURTHER INCREASING DEMAND FOR OUR PRODUCTS AND SERVICES All organisations have legal and regulatory obligations to have data protection and cyber security systems and procedures in place. These laws and regulations (for example, EU GDPR and, since Brexit, UK GDPR as well as a patchwork of state-level laws in the USA) often have international reach outside of the countries in which they are enacted. The Board continues to believe that the most prominent legal, regulatory and commercial standards relating to these areas will continue to be adopted more widely across the globe. Organisations will need to implement procedures and practices that will enable them to demonstrate their compliance with the standards. In addition to laws and regulations, companies are increasingly required to provide assurance to their customers, regulators and stakeholders that their data protection and cyber security systems are adequate for the current risk environment. Businesses, therefore, require evidence of adequate security from all the entities in their supply chains. For example, the payment card brands, through their acquiring banks, require businesses (and their suppliers) that process payment cards to meet the Payment Card Industry Data Security Standard (’PCI DSS’) and the UK Government already requires that organisations supplying it directly or indirectly should comply with Cyber Essentials (its own standard). STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202214 BUSINESS MODEL Our core proposition is built around our ability to provide a full range of integrated services to clients HOW WE DELIVER SERVICES Our comprehensive and diverse range of consultancy services and products has grown over the years to meet the increase in customer demand. Our three service offerings are: • GRC Process and Management Consultancy • Technical cyber security services • Vulnerability Scanning Service “ Great product, always gives out clear results.” WHAT WE DELIVER SERVICES SOFTWARE-AS -A-SERVICE E-COMMERCE GRC PROCESS AND MANAGEMENT CONSULTANCY We provide on-site and remote support, helping organisations to design and implement data protection and cyber security policies and procedures. Through GRCI Law, we also provide specialist legal privacy advice, and annual support packages like Privacy as a Service and DPO as a Service. Our newest acquisition, DQM GRC, is the leading data protection, data watermarking and Privacy by Design consultancy. The Group attracts most of its consultancy customers via online searches carried out by the customer, through attendance on training courses, recommendation or as a result of relationships that have developed over time. We are successfully delivering 98% of our cyber security, privacy and continuity services remotely to customers across the world. TECHNICAL CYBER SECURITY SERVICES Through this line of business we provide: • Penetration testing: we carry out an authorised simulated attack on a customer’s IT systems to test the effectiveness of the systems and procedures and to identify any weaknesses. We also offer simulated phishing attacks and a broad range of security testing services. • PCI DSS assessments: in line with contractual payment card industry requirements, we regularly test organisations’ data protection and cyber security systems. • GCRI Law is growing rapidly – revenues went up 48% from FY21 £945,000 to FY22 £1,402,000. We have focused on recurrent revenue and now have a growing list of clients buying our DPOaaS and Privacy as a Service offerings on annual contracts, which brings in 84% of our revenue. • We have moved our new Cyber Security Incident Response Service into GRCI Law, which has enabled us to link Cyber incident response and data to reach reporting for our clients. We gained CREST accreditation for this service and, given the volume of Cyber incidents in the world today, we expect significant revenue growth. • Our newest acquisition, DQM GRC, has been firmly embedded into our Group, and is now selling a variety of the Group’s original cyber security products to their client base, such as the Group’s Cyber Health Check, whilst continuing to retain key clients such as Royal Mail with their data governance programme – which is now in its 17th year. • We have been a leading Cyber Essentials certification body for more than six years and have issued more than 6,900 certificates with our one-to-one consultancy support and certification guarantee service. • Digitisation and the rush to the Cloud, driven by the Pandemic, has left many organisations with significant vulnerabilities. Our newly launched Cloud Security Service is designed to help clients assess and repair their critical vulnerabilities. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202215 HOW WE DELIVER SOFTWARE-AS-A- SERVICE We create and sell software solutions, including a range of ’software-as-a- service’ products such as e-learning, risk assessment and data flow mapping tools, data seeding and watermarking solutions, all on an annual subscription basis. Our in-house development team is able to deliver continual improvements on the basis of customer feedback and our own subject matter expertise. “ vsRisk is an excellent product.” vRisk HOW WE DELIVER E-COMMERCE Our e-Commerce division is made up of the Group’s training, publishing and distribution services. “ Fantastic must-have product for anyone looking to introduce or maintain an IT Governance environment within an organisation.” ISO 27001 Toolkit Our subsidiary, Vigilant Software Ltd sells the CyberComply platform, which includes: • vsRisk: Provides an ISO 27001- compliant cyber risk assessment tool and functionality which supports the long-term effectiveness of ISO 27001 management systems. • Clients now signing multi-year contracts, with a view to secure in excess of £600,000 in FY23. • Our vulnerability scanning service provides clients with continual assessment of vulnerabilities in Internet- facing assets. • Compliance Manager: Assists with identifying the legal, contractual and regulatory obligations to meet, inter alia, the Interested Parties clause 4.2 of ISO 27001. • Our data watermarking service enables organisations to protect personal data bases, whether for the purposes of GDPR compliance or to monitor commercial usage. • The Data Flow Mapping Tool: The quick, • Cyber Essentials certification and easy and affordable way for organisations to map personal data. consultancy: we provide an accredited certification service that helps organisations of all sizes become certified to the UK Government’s Cyber Essentials scheme. TRAINING Instructor-led courses range from one to five days with typically 8-20 delegates: • Our Learn from Anywhere Model enabled us to reduce the number of courses we run while increasing the number of attending delegates. This improvement in average course fill rate, from 58% to 70%, contributed to our gross margin improvement. We also hold courses at: • Hired premises. • Customers’ premises (for organisations that require training for a large number of their employees). • Via live webinars to domestic and international audiences. • Self-paced courses enable learners to acquire new skills at their own pace and in their own time. PUBLISHING AND DISTRIBUTION Books We commission external authors or our own internal technical writing team to write books on the basis of feedback from clients or knowledge of the markets in which the Group operates. Most of the books we sell relate to how organisations should manage their IT risk exposures or standards published by various bodies. Often, the first touch in a long term client relationship is an ITGP book which they purchased from one of our websites. Our books also accompany and enhance training courses as well as supporting clients who are using our other offerings – such as DocumentKits or CyberCompany – to successfully achieve their cyber security and privacy compliance objectives. ITGP is the leading GRC niche publisher and its range of books, also available through all traditional online resellers, are published in e-Book and audio formats. The portfolio has been expanding to include a wide range of GRC subjects, such as anti-modern slavery, health and safety and the environment. Documentation templates We create and sell 37 sets of documentation templates, the most important of which are now sold through a cloud-based subscription service • IT Publishing’s Document hits added 1,254 new users during the year and subscriptions grew 79% YoY to 1,519 with an average churn rate of 4%. • IT Governance Publishing has sold more than 130,000 books and pocket guides, 12,000 toolkits and templates, 9,500 audiobooks, and the company now has over 250 titles in our portfolio. • IT Governance Publishing released over 1,250 content updates to the DocumentKits platform, which now contains 33 of our 37 template kits. • GRC eLearning now has 127,000 users from 1,665 companies accessing study awareness training on its Learning Management System (”LMS”). STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202216 OUR STRATEGY We have four strategic priorities that enable us to expand our Cyber Defence-in- Depth offerings There is a global demand for cyber resilience and regulatory compliance – digital transformation, cloud migration and a world where hybrid working is becoming the norm, means we will become even more reliant on our connected devices and the adoption of technology – which creates an even bigger playing field for cyber threat actors, and speeds up the increase in regulatory requirements, with the cost of compliance failure mounting even higher. OUR MISSION We exist to give cyber and privacy peace of mind to all organisations through our Group’s combined expertise and comprehensive range of integrated, world-class solutions. OUR VISION To be the business world’s go-to resource for managing and mitigating both cyber and privacy risk with integrated solutions – all deployed from one place and one organisation. DELIVERING GROWTH THROUGH FOUR STRATEGIC PILLARS EXPAND EXISTING SERVICES INTO EXISTING MARKETS We aim to deliver consistently high- quality, integrated solutions that give our customers privacy and cyber peace of mind, fully utilising our global capability and the world-class expertise of our employees and consultants. DELIVERING AGAINST OUR STRATEGY • GRC e-Learning now has 127,000 users from 1,665 companies accessing study awareness training on its Learning Management System (“LMS”). • • IT Governance Publishing has sold more than 130,000 books and pocket guides, 12,000 toolkits and templates, 9,500 audiobooks, and the company now has over 250 titles in our portfolio. GCRI Law continues its rapid growth – revenues went up 48% from FY21 £945,000 to FY22 £1,402,000. We have focused on recurrent revenue and now have a growing list of clients buying our DPOaaS and Privacy as a Service offerings on annual contracts, which brings in 84% of our revenue. • • Our team issued 1,408 Cyber Essentials certificates this year. With just over 30,000 Cyber Essentials certificates being issued since its release in 2014, and with cyber crime continuing to rise and the threat landscape changing to accommodate hybrid working, we see this as a significant growth market and an exciting opportunity for the Group to strongly position itself as the go-to Cyber Essentials consultancy and certification body. The Group ran 189 cyber security and privacy training courses this year. This is another avenue where we see customer demand increasing over the next few years, as there currently aren’t enough cyber security workers out there to meet the growing demand, and things are getting worse. It is estimated that 3.5 million cyber security jobs are unfilled, and of the candidates who apply, fewer than one in four are even appropriately qualified. • We have focused significantly on pushing organic growth through our websites; and our established UK business model has proven this growth converts into web sales and long-term relationships with clients. The integrated governance service DQM GRC provide to us is invaluable in the fight against data misuse and protection of our valuable data assets. The DQM team always go the extra mile required to exceed our expectations. We consider them a valuable extension to our knowledgeable team and a trusted partner. Royal Mail STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202217 EXPAND EXISTING SERVICES INTO NEW JURISDICTIONS ADDING NEW SERVICES FOR EXISTING AND NEW CLIENTS MAKE SELECTIVE ACQUISITIONS The global cyber and privacy markets have continued to evolve rapidly throughout the pandemic. This year we have focused on securing recurring revenue, increasing our gross margins and growing our current capabilities – with a specific focus on ensuring our newest acquisition, DQM GRC, has been successfully and fully embedded within the Group. This has put us in a strong position to make selective and strategic acquisitions after the uncertainty surrounding the pandemic has lifted, where we will continue to invest to enhance our proposition and create growth opportunities from changing market dynamics. DELIVERING AGAINST OUR STRATEGY • DQM GRC has been firmly embedded into our Group, and is now selling a variety of the Group’s original cyber security products to their client base, such as the Group’s Cyber Health Check, whilst continuing to retain key clients such as Royal Mail with their data governance programme – which is now in its 17th year. We have seen significant organic growth across website traffic in our fledgling businesses IT Governance EU and USA, indicating that our tried and tested, established UK growth strategy is working effectively across new jurisdictions which puts us in a strong position for significant future growth. DELIVERING AGAINST OUR STRATEGY • IT Governance EU saw a 13% increase in web traffic YoY, with a 50% increase in revenue through the website and an improvement on average web sales value of 40% • • • • Total revenue for EU was up 33% year on year for IT Governance EU Key client wins for IT Governance EU include Equinor, Paradyn, Dornan and PFH Technology. Web traffic for IT Governance USA increased by 41% YoY in FY 2021/22 vs FY 2020/21, this converted into a 14% increase in web transactions and a 9% increase in web revenue. Key client wins for IT Governance USA include Versant Medical, Avidon Health, Tango Card and SWIFT. We continue to evaluate evolving market demand for opportunities to deliver new products and services to existing and new customers in existing and new jurisdictions. DELIVERING AGAINST OUR STRATEGY Product development is fundamental to what we do. We are agile in launching new products and services to match customer demand and swift market changes. This year, we’ve broadened our Cyber Defence-in- Depth offering by launching 45 new products and services specifically focused on helping organisations develop and strengthen their Cyber Defence-in-Depth and resilience frameworks. Our new offerings are spread across multiple categories including penetration testing, staff awareness, cyber skills and consultancy and include: • • • • • • • • • • • • • Cyber Safeguard ISO 27701 PIMS Lead Implementer Self-Paced Training Course Cyber Security for Executive Management Self-Paced Training Course Cyber Security Incident Response Readiness Assessment Cyber Security Incident Response Table Top Exercise Physical Security Staff Awareness eLearning Course Health and Safety for Managers Staff Awareness eLearning Course Health and Safety Staff Awareness eLearning Course Modern Slavery Staff Awareness eLearning Course Antibribery Staff Awareness eLearning Course Business Continuity Staff Awareness eLearning Course ISO 27002:2022-related updates Cloud Configuration Penetration Test • Microsoft Cloud Training Courses STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202218 HELPING OUR CLIENTS CREATE COMPREHENSIVE AND ROBUST CYBER DEFENCE IN DEPTH MODELS Looking ahead to 2022-2023, cybersecurity must be seen as a strategic business issue that impacts decision-making. World Economic Forum, 2022 Organisations need a multi-layered, risk- based approach to build cyber resilience. We believe a resilient Cyber Defence-in- Depth strategy is made up of five tiers, Detect, Protect, Manage, Respond and Recover. Every organisation needs all of the stages of defence in depth, some more detailed and comprehensive than others. The larger the company, or the more valuable their critical assets, the more multifaceted those defensive stages need to be at every level. STAGE 1 - DETECTION STAGE 2 - PROTECTION STAGE 3 - MANAGEMENT The first layer of a defence-in-depth strategy is detection. It is well-known that attackers exploit two types of vulnerability: technical and human. Technical vulnerabilities are publicly listed, and human weaknesses are inevitable. An organisation’s first line defence must identify and stop attacks that exploit these liabilities. Organisations need to thoroughly understand the threats they face and where their cyber defences are most at risk of being breached. As new cyber security vulnerabilities are discovered every day, it’s vital that an organisation carries out regular vulnerability scanning. Humans are even more vulnerable, and so phishing awareness training is as equally important. Having these measures will detect and patch security flaws before they are breached. How We Secure Our Clients: Continual Vulnerability Scanning, Phishing Awareness Training, Cyber security awareness training, Physical security awareness training. It is inevitable that some attacks will get past an organisation’s first line of defence, through mechanisms such as zero-day attacks and well-designed phishing emails – so an organisation must also implement more robust technical controls, such as getting Cyber Essentials certified and recruiting people into the company who have the skills necessary to manage cyber security defences and breaches. Protecting an organisation from the increasing threat of cyber attacks and data breaches can be challenging. Employees are a crucial line of defence, and ensuring they know their security responsibilities and how to spot a cyber threat is critical. Depending on the organisation, it may not need to implement extensive security measures, but a base level of security is essential. Certification to basic security schemes can protect an organisation from the most common cyber threats and demonstrate its commitment to cyber security. How We Secure Our Clients: Cyber Security, Data Protection Officer, Cloud Security Training Courses, Cloud Security Training Courses, Cyber Incident Response products and services, Cyber Essentials and Cyber Essentials Plus services, Penetration Testing services Organisations need to focus their defence on critical and key assets, because ultimately no organisation can protect all resources equally. Organisations also need to be able to audit technical and organisational measures, and embedding risk-based security controls, managing the security of supply chains and carrying out regular audits are measures every organisation needs to take. Certification to ISO 27001 demonstrates to customers, stakeholders and staff that an organisation has implemented and maintains information security best practice in which controls are selected and maintained to deal with specifically identified threats. An organisation will also need to have the necessary policies and procedures in place to evidence and ensure compliance to any regulations and standards. There is a growing range of regulations and standards with which organisations have to comply – they all have in common the principle that organisations need a comprehensive, structured approach to managing cyber risk. How We Secure Our Clients: DPO as a Service, ISO 27001 products and services, GDPR compliance solutions, EU/UK representative services, Risk Management services, GDPR Contract and Legal Services, NIS, SOC 2 and NIST services. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202219 CYBER SAFEGUARD: CYBER DEFENCE-IN- DEPTH WRAPPED UP IN ONE PACKAGED SOLUTION CYBER SAFEGUARD INSURANCE – SUPPORT – TRAINING – SCANNING Cyber Safeguard provides all the essential support, training, testing and insurance cover an organisation needs for a cyber secure business. The easy-to-manage service enables our clients to: • • • • • • Access cyber insurance cover of up to £500,000 from day one; Quickly roll out staff awareness training and track staff participation, both in the office and remotely; Ensure staff are appropriately trained to spot phishing emails, avoid email misuse and adhere to data privacy and information security best practices; Perform unlimited scans to check for vulnerabilities and use their ‘Scanned by IT Governance’ badge to demonstrate to their clients that they take security seriously. Access emergency cyber incident and breach support whenever and however they need it; and Gain peace of mind with advice from legal and cyber security experts. STAGE 4 - RESPONSE STAGE 5 - RECOVERY When all other lines of defence have failed, organisations need to ensure that they can survive the attack. Recovering from a cyber attack or data breach can be far more disruptive than an organisation had planned for. Most of the time, an organisation can restore enough critical services to be able to continue functioning, but it can take months to fully return to business as usual. Having cyber insurance in place can give organisations peace of mind, giving them cover when they need it most, and helping the organisation get back to business as usual as soon as possible. Ultimately, it can cover the cost of-rebuilding if all else fails. One weakness is all it takes for cyber criminals to infiltrate a system. Inevitably, at some point, an organisation will suffer a breach – and how they respond to it is key to survival. A robust Information Security Management System will enable an organisation to withstand many attacks – but those which are successful will be the larger and more sophisticated attacks. Organisations need a robust business continuity management system, combined with cyber security and data protection audits and management through the supply chain to minimise the attack’s likelihood and impact. While the security measures should minimise the impact of a successful attack, having a response plan in place is critical to limiting disruption and costs. This is especially important when it comes to breaches of personal data, which must be reported to the data protection authorities within 72 hours of being discovered under the DPA 2018 and GDPR. How We Secure Our Clients: Supply Chain Audit / Management products, Business Continuity Management products/services, ISO 22301 products/services, NIS regulations products/services, Emergency Cyber Incident Response, Emergency Data Breach Management Services, DSAR as a Service. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202220 FINANCIAL REVIEW Chris Hartshorne, FCCA Finance Director Strong top line growth, particularly in high margin revenue lines, has delivered a return to positive EBITDA and a solid return on the investment made so far in product development and internal automation. EBITDA was £1.0m (FY21: loss £1.1m). The positive performance in the last quarter of FY21 continued through FY22, delivering the Group’s first positive EBITDA full year result since FY18. BILLINGS Billings were up 20% to £14.8m (FY21: £12.3m). Billings equate to the total value of invoices raised as cash sales through the Group’s websites. The figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards for revenue recognition. The Board considers this to be a key performance indicator because it has a much closer relationship than accounting revenue to cash receipts from customers. It also provides good forward visibility of future accounting revenue since much of the Group’s invoicing takes place ahead of delivery. REVENUE Revenue for the year ended 31 March 2022 was up 18% to £13.9m (FY21: £11.8m). The comparative period was particularly impacted by the effects of the early months of COVID-19. H2 revenue at £7.3m was up 11% on the previous six months (H1 FY22: £6.6m), despite continuing uncertainty in the wider economy over inflation, rising energy prices and other geopolitical factors. Recurring and contracted revenue was up 22% to £8.2m (FY21: £6.7m). This accounted for 59% of total revenue (FY21: 57%). The most significant revenue growth was in the e-Commerce division, which includes sales of public training courses and documentation toolkits. These were hardest hit during the COVID-19 pandemic and have recovered strongly, with the introduction of recurring revenue product lines and longer term projects in this division contributing to the growth and making this revenue stream more resilient going forward. The growth in the Software as a Service division reflects the Group’s focus on and investment in developing its high margin and highly scalable recurring revenue. £’m FY22 FY21 Period-on-period % FY22 vs FY21 % change Services Software as a Service (SaaS) e-Commerce 6.6 6.6 3.7 2.8 3.6 2.4 Services 0% Software as a Service (SaaS) e-Commerce 32% 50% Total 13.9 11.8 Total 18% INTERNATIONAL International revenue was up 43% to £3.0m (FY21: £2.1m), representing 22% (FY21: 18%) of total Group revenue. The Group services the majority of its US based clients through its IT Governance USA business and most of its European clients through its IT Governance EU business. Invoicing in USD and EUR respectively. The use of local staff and suppliers in those territories means cost is incurred in local currency providing a natural partial hedge against foreign exchange risk. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 21 The Group saw growth in both its US and European revenues, of 44% and 14% respectively in FY22 at constant currency, notwithstanding the differing rates of general economic recovery from the pandemic around the world, along with other worldwide macro-economic challenges. GROSS PROFIT Gross profit was up 34% to £8.2m (FY21: £6.1m), with gross margin also up by 700 basis points to 59% (FY21: 52%). The majority of the Group’s direct cost base relates to headcount for consultants and client delivery staff. The COVID-19-related sudden and dramatic revenue drop in the early part of the comparative period meant that sales revenue was temporarily out of alignment with the Group’s costs. Where possible, the Group focused on retaining the staff it needed to deliver the expected strong growth and client delivery coming out of the pandemic. This resulted in better consultant utilisation rates and therefore better margins in the Services division as revenue recovered. This, along with the Group’s focus on higher-margin subscription services, has driven the overall improvement in margin. In particular, the growth in retainer type arrangements for some services contracts has driven margin improvement in the services division and also improved forward visibility of revenue. Notably, the Group’s two fastest-growing revenue divisions, SaaS and e-Commerce, have the highest gross margin: Division Services SaaS e-Commerce Total FY21 FY22 Revenue Gross profit Revenue increase Revenue Gross profit £ 6.6 2.8 2.4 11.8 £ 2.1 2.6 1.4 6.1 % 32% 93% 58% 52% % -% 32% 50% 18% £ 6.6 3.7 3.6 13.9 £ 2.7 3.3 2.2 8.2 % 41% 89% 61% 59% ADMINISTRATIVE EXPENSES Administrative expenses increased by £0.2m (2%) to £9.1m (FY21: £8.9m), compared with revenue increasing by 18%. The increase in administrative expenses was mostly due to staff costs and related expenses, with only a small increase in headcount required to support the growth in revenue. The Group’s investment in automation and focus on SaaS revenue lines has improved the overall operational gearing which has seen top-line growth without the proportionate increases in staff. This is expected to result in a continued widening of margins. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202222 FINANCIAL REVIEW CONTINUED EBITDA EBITDA (earnings before interest, tax, depreciation and amortisation) is considered by the Board to be an important key performance indicator. It is a more accurate measure of underlying business performance as it removes the impact of non-cash accounting adjustments. EBITDA was £1.0m (FY21: loss £1.1m). The positive performance in the last quarter of FY21 continued through FY22, delivering the Group’s first positive EBITDA full year result since FY18. £’m Revenue Operating loss Depreciation Amortisation EBITDA EBITDA as % revenue FY21 11.8 (2.6) 0.4 1.1 (1.1) (9)% FY22 13.9 (0.7) 0.3 1.4 1.0 7% FINANCE EXPENSE The net finance expense of £0.3m (FY21: £0.2m) relates to interest on the Group’s borrowings and leases accounted for under IFRS 16. LOSS BEFORE TAX Loss before tax was £1.0m (FY21: loss £2.8m). TAXATION No provision for tax has been made in the period (FY21: £Nil). The small tax charge recognised mostly relates to the unwinding of deferred tax on the acquisition of DQM GRC, offset by the effect of changes in tax rates. EARNINGS PER SHARE Loss per share was 0.98 pence (FY21: loss per share 2.58 pence). DIVIDEND The Group is not paying a dividend. CASH FLOW AND CASH/DEBT The Group’s closing cash position net of a bank overdraft was £2.1m (31 March 2021: £0.2m). Borrowings (excluding lease obligations) at period end were £1.1m (31 March 2021: £1.3m). The Group has banking facilities to provide adequate headroom for unforeseen working capital requirements by way of an invoice discounting facility that was inherited as part of the acquisition of DQM GRC in 2019. In addition, the unsecured loan facility provided by Andrew Brode for the amount of £700,000 at an interest rate of 5% above the Bank of England base rate to provide additional working capital is available to the Company until at least 31 December 2023 and shall automatically renew for a further 12 months unless terminated by either party. As at the period end and the date of this report, £350,000 remained available to be drawn down. Further information on Going Concern is provided in the Financial Statements ‘Nature of operations and general information’ section (Principal accounting policies) of the Annual Report. STATEMENT OF FINANCIAL POSITION Net assets were £8.7m (31 March 2021: £6.9m). Net current liabilities at period end were down by £2.0m to £3.2m (31 March 2021: £5.2m). In January 2022, GRC International completed a successful £3m oversubscribed share placing. This is enabling the Group to continue its product investment and business automation programmes, including the development of new features and functionality across all units in the SaaS division, at the same time as making agreed repayments (under the ‘time to pay’ arrangements) against the deferred HMRC tax liabilities that arose through the pandemic. The main factor in the overall decrease in net current liabilities of £1.9m was the increase in cash balance resulting from the January share placing and a strong Q4 trading and cash performance. The trade and other payables balance includes a deferred income balance of £1.8m (31 March 2021: £1.1m), relating to training and consultancy projects due to be delivered after the statement of financial position date. The 63% increase in this balance signifies improving revenue trends and provides some visibility of income to be recognised in FY23. INTANGIBLE ASSETS The Group’s accounting policy is that only directly attributable staff costs of the technical teams developing the assets are capitalised. No management time is capitalised, and neither is any proportion of overheads or borrowing costs. Additions of £1.2m (FY21: £1.2m) relate to software, website development and the development of courseware. CAPITAL STRUCTURE The issued share capital at 31 March 2022 was 107,826,246 (31 March 2021: 99,931,509) ordinary shares of £0.001 each. There were no share options granted in the period to 31 March 2022. RISKS AND UNCERTAINTIES The Board continually assesses and monitors the key risks of the business. The key risks that could affect the Group’s performance, and the factors that mitigate these risks, are set out on pages 24 to 25. Chris Hartshorne Finance Director 30 August 2022 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 23 The simplest and most effective solution for organisations worldwide is access to a supplier that can address all of their IT Governance, Compliance and Risk Management needs with an integrated and comprehensive Product and Service Portfolio. We are that Solution. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202224 RISK MANAGEMENT OUR PRINCIPAL RISKS AND UNCERTAINTIES The Group is exposed to a number of potential risks which may have a material effect on our reputation, financial or operational performance. The Board is aware that the nature and scope of risks can evolve and that there may be further risks to which GRC International is exposed. While this list is not intended to be exhaustive, the Directors consider the below to be the principal risks and uncertainties faced by the Group. The Board has overall responsibility for risk management and internal control and is fully supported by the Audit Committee. Risk Mitigation conditions in the key geographic markets it operates in. The Group could be affected by unforeseen events outside of its control including: t Our operations are affected by overall economic n e m n o r i v n e c m o n o c E Economic and political events, such as the Russian invasion of Ukraine and changes in UK government • Currency exchange fluctuation Inflation or deflation • • i Competition: The Group’s current competitors, or new entrants to the market, particularly the data protection and cyber security markets, might bring superior technologies, products or services to the market, or equivalent products or services at a lower price which may have an adverse effect on the Group’s business. Customers: Loss of key customers has the potential to materially impact Group revenue. Compliance environment: Customer activity is to a significant extent driven by their fear of a data or cyber security breach and the regulatory and commercial consequences thereof. A reduction in external compliance pressure on the Group’s clients may have an adverse effect on the Group’s business. t n e m n o r i v n e g n i t a r e p O While the increasing geographic diversity of GRC provides some mitigation from individual country economic fluctuations, we continue to review and monitor our economic environment and will continue to consult widely to better understand any economic uncertainty and associated impacts. GRC operates on a basis of natural hedging to help minimise exposure to this risk. We continue to enhance and adapt the Group’s service offering, develop and invest in new propositions and services and invest in technology to better serve the needs of existing clients. We believe that the best way to mitigate this risk is to continue to deliver and maintain high-quality products and services to our customers. We continually review and monitor competitive activity in all our markets to ensure GRC remains innovative, competitive and attractive in the markets in which we operate. We operate a remote ‘deliver from anywhere’ model meaning we can deliver to clients on premises or remotely to suit their needs. In addition to the above, we seek to balance our exposure to customer dependency across all our geographic markets. We monitor customer demand and, in the event of a reduction in demand, would take steps to reduce delivery capacity and overheads. We maintain close working and contractual relationships with key suppliers and endeavour to limit those services for which we have a single point of failure. d n a n o i t a l s i g e L n o i t a u g e r l The markets in which the Group operates are subject to legal and regulatory changes and the emergence of new industry standards. To compete successfully, the Group will need to continue to improve its products and services, and to develop and market new products and services that keep pace with changes in legislation, regulation and commercial practices. We monitor developments and proposed changes in Government policies, legislation, regulation and other factors that may impact our business and our customers’ businesses. Our strategy is kept under close review to ensure we respond to any such impact. We have well-developed IT systems, operational controls, comprehensive training and a rigorous compliance monitoring programme in order to maintain adherence to legislation. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 25 Risk Mitigation The continued expansion of the Group into new countries brings associated risks. With a number of offices located outside the UK, there is a risk that the Group’s growth overseas may result in a reduction in the quality of control and oversight provided by senior management. Factors such as different time zones, languages, regulatory regimes and working cultures may all reduce the efficacy of the oversight provided by senior management. The financial performance of the Group may be impacted by changes to taxation regulation and the repatriation of profits, as the UK has now left the EU. The Board and senior management review international activity on a regular basis and consider both strategic and operational issues that may impact performance. The Board has full oversight of UK and overseas operations through regular management meetings, both remotely and in person. The nature of the Group’s business means that it is exposed to a number or risks associated with information technology which have the potential to cause a significant impact on operational performance, Company reputation and financial performance. We manage this risk in a number of ways, including external certification to international security standards, such as ISO/IEC 27001 and UK standards such as Cyber Essentials Plus. Our GDPR compliance management system is externally audited to comply with both ISO/IEC 27701 and BS 10012. These risks include: – Cyber security breach – Data breach – Reliance on key systems, including defects in software The Group’s future will be greatly influenced by the continued services and performance of its Directors and senior management. Furthermore, failure to recruit and retain skilled personnel at all levels across the business could also have an adverse impact. Employees remain our greatest asset and high levels of employee turnover are a principal risk. Highly skilled employees are vital to building and maintaining client relationships and winning new work. A business continuity plan is in place to minimise the impact to the business should IT systems fail. The internal IT team assesses risks associated with potential cyber threats on a regular basis and uses antivirus software, amongst other controls, to protect the integrity of systems. We also undertake regular penetration testing to assess infrastructure and data security. In the event that an IT incident does occur, back-up facilities are in place to ensure business interruptions are minimised and internal and customer data is protected from corruption or unauthorised access. GRC also has cyber insurance appropriate to its risk profile. We continue to invest in cyber security measures, tools and infrastructure, as well as seeking to develop and upgrade systems in line with the Group’s plans for significant expansion. GRC takes pride in creating a positive and exciting workplace environment, through training, engagement, rewards and values. Management provided continued support to our employees, physically and mentally during the Covid-19 pandemic including embedding ongoing hybrid working arrangements. Significant efforts were and continue to be made to engage with and obtain feedback from employees. The Remuneration Committee seeks to ensure that rewards correspond with performance and retention. Keyman insurance has been put in place in respect of the Chief Executive Officer, Alan Calder, for £750,000. With a strategy for the Group of significant growth, including further international expansion, the Board recognises the importance of regular review and monitoring of the Group’s financing. The Group maintains regular and transparent dialogue with its facility lenders to ensure they are aware of developments in the business and reviews the level of facilities required based on the Group’s forecasts. The Group maintains a short-term invoice discounting facility and has an unsecured loan facility provided by Andrew Brode to provide additional working capital. The Group only has a limited forward order book for its services, creating unpredictability in revenues and cash, hence impacting on the level of liquidity. The Board receives weekly and monthly information to enable it to consider the Group’s short and medium-term performance. If performance is not in line with forecast, the Group has a number of mitigating actions that could be implemented. The close monitoring of cash and cash flow forecasting is considered a priority for all members of the Board. Further details are included in the Financial Review pages of this Annual Report. n o i s n a p x e l a n o i t a n r e t n I l i a c n h c e t d n a m e t s y S l e p o e P s e i t i l i i c a f g n c n a n F i STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 26 KEY PERFORMANCE INDICATORS BILLINGS Billings equates to the total value of invoices raised and cash sales through Group websites. This figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards.* * Billings equate to the total value (net of VAT) of invoices raised and cash sales through the Group’s websites. The figure does not take account of accrued or deferred income adjustments that are required to comply with UK-adopted International Financial Reporting Standards (“IFRS”) but is considered to provide useful information to the users of the Group’s financial information. Billings is considered by the Board to be a key metric for managing the business due to its direct relationship with cash-flow. Cash receipts are driven by billings achieved each month rather than by revenue recognised in accordance with IFRS AVERAGE FTE HEADCOUNT While the number of full-time equivalent (’FTE’) employees is not a KPI in itself, the size of the Revenue increase with only minimal headcount being added demonstrates the operational efficiences over the course of the financial year. Total billings (£000s) £14,794 +21% Total billings (£000s) 2021: £12,253 2018 2019 Total billings (£000s) 2020 Total billings (£000s) 2018 2021 12,253 2019 2022 2018 2020 2019 2021 2020 2022 Average FTE headcount 2021 12,253 Average FTE headcount 12,253 16,260 15,833 14,026 16,260 15,833 14,794 16,260 14,026 15,833 14,026 14,794 177 14,794 2022 2018 164 +10% 2019 FTE as at 31 March 2022: 164 Average FTE headcount FTE as at 31 March 2021: 149 2020 187 177 149 164 2018 177 Average FTE headcount 2021 2019 2022 2018 2020 2019 2021 2020 2022 2021 Billings per FTE (£) 2022 149 149 164 164 187 187 MONTHLY BILLINGS DIVIDED BY FTE EMPLOYEES 2018 This is an internal target given to the Group’s sales and marketing teams. 4,881 4,881 2019 Billings per FTE (£) Billings per FTE (£) 2020 £7,477 (25%) 2018 Billings per FTE (£) 2021 2021: £9,988 2019 2022 2018 2020 2019 2021 2020 2022 2021 Website visits (000s) 2022 2018 4,881 3,107 2019 Website visits (000s) 2020 3,552 6,307 6,307 6,307 7,465 7,465 7,477 7,465 7,477 7,477 4,902 4,902 4,902 4,312 3,107 3,552 3,107 3,691 2018 2021 Website visits (000s) 2019 2022 2018 2020 2019 2021 2020 4,312 2022 2021 Website revenue (£000s) 4,312 2022 2018 3,691 3,691 3,552 4,683 270 270 270 9,988 9,988 9,988 3,374 3,374 3,374 (4,336) (4,336) (4,336) 2019 2018 2021 2019 2022 2018 2020 2019 2021 2020 2021 2018 2022 2019 2020 2018 2021 2019 2022 2018 2020 2019 2021 2020 2022 2021 2022 Website revenue (£000s) 2020 2,293 Website revenue (£000s) 4,002 4,683 4,683 6,161 2,293 2,293 4,002 4,002 Underlying EBITDA (£000s) 2022 6,161 Underlying EBITDA (£000s) (1,501) Underlying EBITDA (£000s) (1,131) 1,662 6,161 1,662 954 1,662 (1,501) (1,131) (1,501) (1,131) 954 954 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 Total billings (£000s) Total billings (£000s) Total billings (£000s) 16,260 15,833 14,026 16,260 12,253 15,833 14,026 14,794 12,253 16,260 14,794 15,833 Average FTE headcount 2020 14,026 Average FTE headcount 2019 2022 14,794 270 149 270 2020 2022 Average FTE headcount 164 187 2018 2019 2020 2018 2019 2021 2020 2022 2021 2018 2022 2019 2018 2021 2020 2018 2019 2021 2021 2018 2022 2019 12,253 177 177 187 149 177 164 2020 Billings per FTE (£) 2021 149 187 2018 2022 Billings per FTE (£) 2019 4,881 164 7,465 2020 2018 2019 2021 6,307 7,465 4,881 2020 2022 Billings per FTE (£) 6,307 7,477 270 27 9,988 9,988 9,988 6,161 6,161 1,662 6,161 1,662 954 1,662 954 WEBSITE VISITS The Group invests significant funds into digital marketing in order to optimise our dominance of certain web search term results. There is a distinct correlation between website visits and sales, however, we remain careful to use the term ’correlation’ rather than ’causation’. 2021 2018 Website visits (000s) 2022 2019 4,881 4,312 +17% 2020 Website visits (000s) 2021: 3,691 2021 2018 2022 2019 Website visits (000s) 3,107 7,465 7,477 6,307 7,477 4,902 WEBSITE REVENUE 2022 2019 4,312 4,902 2020 2018 2019 2021 3,107 3,552 3,691 4,902 2020 2022 3,552 Website visits (000s) 2021 2018 3,107 3,691 4,312 This equates to debit and credit card sales via the website that turn into cash immediately. This is an important KPI as it is a key driver of the Group’s working capital. Furthermore, the Group refers to website sales trends to estimate the returns generated through digital marketing campaigns and, therefore, how to prioritise these accordingly. UNDERLYING EBITDA EBITDA (“Earnings Before Interest, Tax, Depreciation, Amortisation”) excludes share-based payment expenses (which are excluded as they are a non-cash expense) and exceptional costs in relation to acquisitions made in the year. 3,552 2020 Website revenue (£000s) Website revenue (£000s) 2021 2018 £6,161 +54% 4,312 2022 2019 2021: £4,002 Website revenue (£000s) 3,374 3,691 4,683 2020 2018 2019 2021 2,293 4,683 3,374 4,002 2020 2022 2,293 Website revenue (£000s) 2021 2018 4,002 4,683 2,293 3,374 2022 2019 Underlying EBITDA (£000s) 2020 2018 2021 2019 Underlying EBITDA (£000s) 2022 2020 2018 Underlying EBITDA (£000s) (4,336) 4,002 (1,501) 2019 2021 £954 +184% (4,336) 2020 2022 Underlying EBITDA (£000s) 2021: £(1,131) 2021 2018 (1,501) (1,131) (1,131) (4,336) 2022 2019 2020 2021 2022 The Strategic Report was approved by the Board of Directors and signed on its behalf. Alan Calder Director 30 August 2022 (1,501) (1,131) 954 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 2022 28 STAKEHOLDER ENGAGEMENT GRC International Group plc / Annual Report & Accounts 2022 WE ENGAGE WITH OUR STAKEHOLDERS TO DEVELOP EFFECTIVE RELATIONSHIPS AND IMPROVE BUSINESS DECISIONS By understanding our stakeholders and listening to their views and feedback, we can factor into Board discussions the potential impact of our decisions on each stakeholder group and consider their needs and concerns. The Board undertakes regular reviews of the Company’s strategy and is actively involved in reviewing and approving changes which ultimately drive the future of the business. S172 STATEMENT As required by s172 of the Companies Act 2006, a director of a company must act in the way he/she considers, in good faith, would most likely promote the success of the company for the benefit of its shareholders. In so doing, the director must have regards amongst other matters to the: OUR STAKEHOLDERS MATERIAL TOPICS HOW WE ENGAGE OUTCOMES EMPLOYEES • Opportunities for development We have an experienced, diverse and dedicated workforce which The majority of our staff in all our geographic locations are now Engaging with our people enables us to create an inclusive company culture and a positive working environment. and progression • Opportunity to share ideas and make a difference • Diversity and inclusion • Help customers make better Social media is a key channel for mobilising customer Our classroom training business is now completely online, with decisions engagement. • Personalised customer propositions • Leveraging a deep understanding of their needs and views to create innovative solutions • Financial performance • Strategy and business model • Proactive approach to communication we recognise as the key asset of our business. It is vital to the permanently home-based. success of the Group to continue to create the right environment to encourage and create opportunities for individuals and teams to realise potential. To ensure regular communication flow in a remote working business we have daily online presentations and briefings from senior management, quarterly ‘all staff’ briefings, monthly senior The COVID-19 pandemic has changed the way people want to management cascade briefings and regular ‘in person’ team and work. We have an established work-from-home / remote working Group wide events. model that support international recruitment and flexible working arrangements. Following the introduction of the HR Software tool in the later part of FY19 we have much greater data accuracy, increased over Our remote working model is now well-established and we have a data, improved efficiency and a modern employment experience. range of practices in place that ensure ongoing engagement and involvement of staff across the Group. The Board is committed to ensuring clients receive high quality deliverables and that they are supported in managing the new model. marketing landscape. a bio secure training centre that has opened in Cambridgeshire with an innovative ’Learn from Anywhere’ multi-channel delivery We are successfully delivering 95% of our cyber security, privacy and continuity services remotely to customers across the world. We have a number of mechanisms through which our Investors showed their support for the Board and the Company’s shareholders have the opportunity to make their voices heard strategy by passing all resolutions at the Annual General Meeting and inform the direction and governance of our business. This is and supported the Company in a £3m oversubscribed share evidenced through our Annual General Meetings and investor placing that raised funds for continued investment in product roadshows. We also communicate with our shareholders through development and internal automation projects. the full-year and half-year results announcements, trading updates and other press releases issued by the Company through the year. We maintain an up-to-date website and use an investor relations advisory practice to facilitate clear and productive exchanges with shareholders. Likely consequences of any decision in the long term Interests of the company’s employees CUSTOMERS • • • • • • Need to foster the company’s business relationships with suppliers, customers and others Impact of the company’s actions on the community and environment Desirability of the company maintaining a reputation for high standards of business conduct Need to act fairly between members of the company Aside from the operational decisions required for the execution of the Group’s Strategy, and ongoing finance requirements, there are no other key decisions requiring disclosure. Listening to our customers helps us to better understand their needs and provide suitable and reliable products and services. SHAREHOLDERS Our shareholders are vital to the future success of our business, providing funds which aid business growth and the generation of sustainable returns. The Board recognises that relationships with our stakeholders are also key to the delivery of our strategy. The Board is committed to open engagement with our shareholders and provides all the necessary information needed to enable decision-making. THIRD PARTY SUPPLIERS Interaction with our suppliers and treating our suppliers fairly allows us to drive higher standards and reduce risk in our supply chain whilst benefiting from cost efficiencies and positive environmental outcomes. • Long-term partnerships • Collaborative approach • Open terms of business • Fair payment terms We operate in a way that safeguards against unfair business We regularly monitor the relationship and engagement approach practices and encourages suppliers and contractors to adopt with our third-party suppliers. responsible business policies and practices for mutual benefit. We aim to treat our suppliers fairly, holding ourselves to high We recognise that we must, where possible, integrate our business standards of business conduct and presenting a zero-tolerance values and operations to meet the expectations of our stakeholders, approach to practices which are at odds with our values and including customers, suppliers, the community and environment. culture, for example corruption, bribery and modern slavery. STRATEGIC REPORT29 OUR STAKEHOLDERS MATERIAL TOPICS HOW WE ENGAGE OUTCOMES EMPLOYEES Engaging with our people enables us • Opportunities for development and progression to create an inclusive company culture • Opportunity to share ideas and and a positive working environment. make a difference • Diversity and inclusion CUSTOMERS • Help customers make better Listening to our customers helps us to better decisions understand their needs and provide suitable • Personalised customer propositions and reliable products and services. • Leveraging a deep understanding of their needs and views to create innovative solutions SHAREHOLDERS • Financial performance Our shareholders are vital to the future • Strategy and business model • Proactive approach to communication success of our business, providing funds which aid business growth and the generation of sustainable returns. The Board recognises that relationships with our stakeholders are also key to the delivery of our strategy. The Board is committed to open engagement with our shareholders and provides all the necessary information needed to enable decision-making. THIRD PARTY SUPPLIERS • Long-term partnerships Interaction with our suppliers and treating • Collaborative approach our suppliers fairly allows us to drive higher standards and reduce risk in our supply chain whilst benefiting from cost efficiencies and positive environmental outcomes. • Open terms of business • Fair payment terms We have an experienced, diverse and dedicated workforce which we recognise as the key asset of our business. It is vital to the success of the Group to continue to create the right environment to encourage and create opportunities for individuals and teams to realise potential. The COVID-19 pandemic has changed the way people want to work. We have an established work-from-home / remote working model that support international recruitment and flexible working arrangements. Our remote working model is now well-established and we have a range of practices in place that ensure ongoing engagement and involvement of staff across the Group. The majority of our staff in all our geographic locations are now permanently home-based. To ensure regular communication flow in a remote working business we have daily online presentations and briefings from senior management, quarterly ‘all staff’ briefings, monthly senior management cascade briefings and regular ‘in person’ team and Group wide events. Following the introduction of the HR Software tool in the later part of FY19 we have much greater data accuracy, increased over data, improved efficiency and a modern employment experience. Social media is a key channel for mobilising customer engagement. The Board is committed to ensuring clients receive high quality deliverables and that they are supported in managing the new marketing landscape. Our classroom training business is now completely online, with a bio secure training centre that has opened in Cambridgeshire with an innovative ’Learn from Anywhere’ multi-channel delivery model. We are successfully delivering 95% of our cyber security, privacy and continuity services remotely to customers across the world. We have a number of mechanisms through which our shareholders have the opportunity to make their voices heard and inform the direction and governance of our business. This is evidenced through our Annual General Meetings and investor roadshows. We also communicate with our shareholders through the full-year and half-year results announcements, trading updates and other press releases issued by the Company through the year. We maintain an up-to-date website and use an investor relations advisory practice to facilitate clear and productive exchanges with shareholders. Investors showed their support for the Board and the Company’s strategy by passing all resolutions at the Annual General Meeting and supported the Company in a £3m oversubscribed share placing that raised funds for continued investment in product development and internal automation projects. We operate in a way that safeguards against unfair business practices and encourages suppliers and contractors to adopt responsible business policies and practices for mutual benefit. We recognise that we must, where possible, integrate our business values and operations to meet the expectations of our stakeholders, including customers, suppliers, the community and environment. We regularly monitor the relationship and engagement approach with our third-party suppliers. We aim to treat our suppliers fairly, holding ourselves to high standards of business conduct and presenting a zero-tolerance approach to practices which are at odds with our values and culture, for example corruption, bribery and modern slavery. STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202230 30 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202231 31 Governance IN THIS SECTION Governance Report Application of the QCA Code Board of Directors Audit Committee Report Remuneration Committee Report Directors’ Report 32 34 38 40 43 46 Statement of Directors’ Responsibilities 47 GOVERNANCEGRC International Group plc / Annual Report & Accounts 202232 GOVERNANCE REPORT On behalf of the Board of Directors, I am pleased to introduce the Group’s Corporate Governance Statement for the year ended 31 March 2022. Andrew Stephen Brode Non-Executive Chairman The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Group’s challenges and opportunities following admission to AIM in 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making. INTRODUCTION This statement of the report sets out GRC International Group plc’s approach to corporate governance and intends to provide information on how the Board and its Committees operate. As a Board, we take corporate governance very seriously, and I will continue to ensure that we maintain high standards throughout my tenure. As a company whose shares are traded on the AIM market of the London Stock Exchange, GRC International has chosen to monitor and report its compliance with the Quoted Companies Alliance (’QCA’) Corporate Governance Code (’the Code’) and its Statement of Compliance with the same can be found with information on governance arrangements on the Company website (https://www.grci.group/corporate- governance). Further information is provided in the table on pages 34 to 37 . This report seeks to inform shareholders about how it complies with the QCA Code, and where it departs from the QCA Code the Board will provide an explanation of the reason(s) for doing so. THE ROLE OF THE BOARD The Board is collectively responsible for GRC International’s performance and creating value for shareholders. The Board meets as often as required to effectively conduct its business. The Board is responsible for overseeing the management of the Group and approving the strategic direction of GRC International. COMPOSITION OF THE BOARD AND MEETINGS The QCA Code states that a company should have at least two non-executive directors. At the beginning of the year the Board comprised five Directors; three Executive Directors and two Non-Executive Directors, reflecting a blend of different experiences and backgrounds. On 13 May 2021 Steve Watkins (Executive Director) resigned his position on the Board with immediate effect. He continued to make himself available to the Board for a period to ensure smooth handover of his responsibilities. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making. The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board meets regularly to review, formulate and approve the Group’s strategy, budgets, corporate actions and oversee the Group’s progress towards its goals. The Company will continue to appraise the structure of the Board on an ongoing basis. GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 33 The table below sets out the Directors’ attendance at scheduled Board meetings during the period ended 31 March 2022, against the number of meetings each Board member was eligible to attend: Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Ric Piper 10/10 10/10 10/10 1/1 10/10 At each Board meeting, the Directors follow a formal agenda, which is circulated in advance by the Company Secretary. BOARD COMMITTEES The Board has delegated specific responsibilities to the Audit Committee and the Remuneration Committee, details of which are set out below. Each Committee has written Terms of Reference setting out its duties, authorities and reporting responsibilities which can be obtained from the Company Secretary on application via https://www.grci.group/contact. Audit Committee The Audit Committee has the responsibility of reviewing and reporting to the Board on the Group’s financial reporting, internal control and risk management systems, the independence and effectiveness of the external auditor. The Audit Committee meets no less than two times in each financial year and has unrestricted access to the Group’s external auditor. The members of the Audit Committee comprise two Non-Executive Directors: Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Audit Committee Report on pages 40 to 42. Remuneration Committee The Remuneration Committee reviews the performance of the Executive Directors, Chairman of the Board and senior management of the Group and makes recommendations to the Board on matters relating to their remuneration and terms of service. The Remuneration Committee also makes recommendations to the Board on proposals for the granting of share options and other equity incentives pursuant to any employee share option scheme or equity incentive plans in operation from time to time. The Remuneration Committee meets as and when necessary, but at least once each year. In exercising this role, the Directors have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. The members of the Remuneration Committee include two Non-Executive Directors. The Remuneration Committee comprises Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Remuneration Committee Report on pages 43 to 45. Nomination Committee No nomination committee has been established. Instead, decision- making on matters of nomination and succession will be retained with the Board as a whole. This approach is considered appropriate considering the small size of the Board and is believed to enable all Board members to take an active involvement in the consideration of Board candidates and to support the Chair in matters of nomination and succession. BOARD EFFECTIVENESS In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans. The evaluation did not take place on one specific date but via a series of conversations, both during and outside regular Board meetings. Conversations took place involving all members of the Board together and as one on one conversations led by the Chairman. In addition to the annual evaluation exercise, there remains an ongoing dialogue within the Board to ensure that it operates effectively and that any matters raised are addressed in a timely manner. The Board maintains strong relationships with external advisers and has access to advice as required. The performance of the Executive Directors is reviewed annually by the Remuneration Committee in conjunction with their annual pay review and the payment of bonuses. The Corporate Governance Statement was approved by the Board of Directors and signed on its behalf. Andrew Brode Chairman 30 August 2022 GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 34 APPLICATION OF THE QCA CODE EXPLANATION Compliant GOVERNANCE PRINCIPLE 1 Establish a strategy and business model which promote long-term value for shareholders. The Board is committed to delivering long-term value for GRC International’s shareholders. The Group’s business model and strategy is explained fully within the Strategic Report on pages 1 to 29. Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 24 to 25. GOVERNANCE PRINCIPLE 2 Seek to understand and meet shareholder needs and expectations. The Board attaches great importance to communication with all of GRC International’s shareholders. We encourage all our shareholders to attend our AGM, which provides a forum and time for shareholders’ questions and open discussions. Furthermore, feedback from investors is obtained through direct interaction with the Chief Executive Officer and Finance Director at meetings following its interim full-year results, and certain other ad hoc meetings that take place during the year. There is a regular dialogue with shareholders through the medium of the Company’s corporate broker, Dowgate Capital Ltd. The voting record at the Company’s general meetings is monitored and we are pleased that all resolutions proposed so far have been passed by shareholders (with a great majority being passed by 100% of attending votes). GOVERNANCE PRINCIPLE 3 Take into account wider stakeholder and social responsibilities and their implications for long- term success. As an international company, GRC International places significant importance on understanding and respecting different cultural and social values within the international realm in which it operates. The Group has adopted policies to encourage an open and transparent corporate culture, including policies addressing anti-slavery, anti-bribery and whistleblowing. We continue to adopt new policies and monitor existing policies on an ongoing basis. Details of the stakeholder engagement which the Board considers to be associated with the Group’s activities are set out in the S172 disclosure on 28 to 29. GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022GOVERNANCE PRINCIPLE 4 Embed effective risk management, considering both opportunities and threats, throughout the organisation. 35 EXPLANATION Compliant Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 24 to 25. The Company sets out in its annual report the steps taken to ensure that effective risk management is embedded within the Group’s culture. The Board has identified the principal business and financial risks and has implemented control procedures. The Group has an established framework of internal financial controls which is subject to review by the Directors and the Audit Committee considering the ongoing risks faced by the Group. The Board acknowledges its responsibility for reviewing the effectiveness of the systems that are in place to manage risk. However, no such system can provide absolute assurance against misstatement or loss. The Board considers that the internal controls that are in place are appropriate for the size and complexity of the Group. The key elements of the Group’s internal control environment include: • close involvement of the Executive Directors in the day-to-day running of the Group; • weekly Executive Committee meetings; • clear lines of authority and reporting established; • • centralised control and decision making over key areas such as capital expenditure and financing; and a suite of daily and monthly reports focusing on the key performance and risk areas. Such reports include detailed annual budget setting with monthly monitoring and daily reporting including reports on sales, orders and cash balances compared with budget. The Board, with the advice of the Audit Committee, has reviewed the effectiveness of the systems of internal control for the year to 31 March 2021. Given the current size of the Group and the close involvement of the Executive Directors in the day-to-day operations, the Group does not consider it necessary to have a separate financial internal audit function due to the Group’s size and its centralised administrative function but keeps this need under review. The Company receives regular feedback from its external auditors on the effectiveness of its internal controls and aims to implement any improvements identified. The Group undertakes regular updates and reviews of its business processes, co-ordinated by the Group quality function to ensure that it not only addresses basic financial controls but that non-financial controls are also in place over areas such as health and safety, environmental issues and adherence to law and regulations. Mitigation can only provide reasonable, but not absolute, assurance against material misstatement or loss. As such the Group maintains appropriate insurance cover for the Group’s activities, with the types of cover and insured values being reviewed on a periodic basis by the Board. The Group also has a Business Continuity Plan to manage significant risks such as the COVID-19 pandemic. GOVERNANCE PRINCIPLE 5 Evaluate Board performance based on clear and relevant objectives, seeking continuous improvement. In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans. The process of Board evaluation is a continuous one as the Board communicates regularly as a group, picking up on matters where a particular Director’s time and efforts should be focused. Both the Chairman and the CEO hold regular one-to-one conversations with other members of the Board, with the Finance Director also communicating regularly with the Chairman of the Audit Committee. The Board is considered to be operating effectively and appropriately for the size and complexity of the Group. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202236 APPLICATION OF THE QCA CODE CONTINUED GOVERNANCE PRINCIPLE 6 Maintain the Board as a well-functioning, balanced team led by the Chair. EXPLANATION Compliant The Board is responsible for taking all major strategic decisions and also addressing any significant operational matters. In addition, the Board reviews the risk profile of the Group and ensures that an adequate system of internal control is in place. The Board has a formal schedule of matters reserved for its approval and is supported by the Audit and Remuneration Committees. All Directors are required to devote sufficient time to carry out their role. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making. Non-Executive Directors have a time commitment to the Company of not less than eight days per annum including the attendance of Board meetings and the Company AGM. In addition, Non-Executive Directors are expected to devote appropriate preparation time ahead of each meeting. The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board has considered Mr Brode’s independence and, notwithstanding his shareholding in the Company and his position as a debt provider, the Board considers that Mr Brode is of independent mind in regards to his interactions with the Company. Ric Piper is considered to be independent as described on page 39. The composition and experience of the Board is shown on pages 38 to 39 of the Annual Report. GOVERNANCE PRINCIPLE 7 Ensure that between them the Directors have the necessary up-to- date experience, skills and capabilities. The GRCI Board has, in its opinion, an appropriate balance of sector, financial and public market skills and experience, as well as an appropriate balance of personal qualities including gender balance and capabilities to successfully execute the Group’s strategy. The Board fully supports and funds any training, formally or otherwise, that is required by any individual Board member so as to ensure that their knowledge and experience remains relevant and effective. The Directors receive briefings at Board meetings on regulatory and other issues relevant to the Group and its business sector and may attend external courses to assist in their professional development. All Directors, the Audit Committee and Remuneration Committee are able to take independent professional advice in the furtherance of their duties, if necessary. A summary of the skills and experience of each Board member is included in their biographies on pages 38 to 39 of the Annual Report. GOVERNANCE PRINCIPLE 8 Promote a corporate culture that is based on ethical values and behaviours. The Board believes that the promotion of a corporate culture based on sound ethical values and behaviours is essential to creating a workplace environment that allows people to flourish and this will contribute to enhancing shareholder value. Each Director places great importance on demonstrating ethical behaviours, both during the decision-making process, and in the implementation and communication of strategic decisions. Senior managers are also encouraged to lead by example in the promotion of ethical values and behaviours. So far as possible, we ensure that these values are visible through our recruitment process, internal communications and management style, corporate reports and external announcements. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202237 EXPLANATION Compliant GOVERNANCE PRINCIPLE 9 Maintain governance structures and processes that are fit for purpose and support good decision-making by the Board. The Board meets regularly throughout the year to consider strategy, performance and the framework of internal controls. A scheduled meeting calendar is arranged as far in advance as possible, and ad hoc meetings are held in person or by telephone when it is necessary for the Board to discuss specific issues. To enable the Board to discharge its duties, the Directors receive appropriate and timely information. A formal agenda and briefing papers are distributed to the Directors in advance of each Board meeting. The Directors have access to the advice and services of the Finance Director and Company Secretary, who is responsible for ensuring that the Board procedures are followed, and that applicable rules and regulations are complied with. The Board reviews its governance structures regularly to ensure they are fit for purpose and will carry out a review of the terms of the Audit and Remuneration Committees during financial year 2023. Further details on our governance structure and the role of our Board Committees are set out on pages 32 to 33. GOVERNANCE PRINCIPLE 10 Communicate how the Company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders. Our Group website (www.grci.group) sets out details of the Group and its activities, regulatory announcements and Company press releases, annual reports, half-year reports, notices of general meetings and information required by the AIM Rules for companies and the QCA Code. The ’Investors’ section of the Group website includes a dedicated ’Corporate Governance’ section, where our annual Corporate Governance Statements can be found (www.grci.group/corporate-governance). Further information can also be found in the Audit Committee report on pages 40 to 42 and the Remuneration Committee report on pages 43 to 45. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202238 BOARD OF DIRECTORS Bringing a broad range of skills and a depth of experience The existing Directors of GRC International Group plc are listed below. The Directors’ Report on page 46 sets out details of the Directors who served during the year ended 31 March 2021. The Board is committed to maintaining high standards of corporate governance. The Company has adopted policies and procedures which reflect the principles of the QCA’s Corporate Governance Guidelines for Smaller Quoted Companies (’QCA Code’) as appropriate to a company whose shares are admitted to trading on AIM. ANDREW STEPHEN BRODE NON-EXECUTIVE CHAIRMAN ALAN PHILIP CALDER CHIEF EXECUTIVE OFFICER APPOINTMENT TO THE BOARD November 2012 APPOINTMENT TO THE BOARD April 2002 KEY SKILLS AND EXPERIENCE In 2012, Andrew acquired an initial shareholding in IT Governance Ltd before joining the board as a Non-Executive Director in November 2012. In 2014, he subscribed for further shares in IT Governance Ltd, increasing his shareholding to 22% (of the issued share capital of the company before admission). Andrew was appointed Non-Executive Chairman of the company in February 2018. As well as being a chartered accountant, Andrew has gained significant leadership experience on the boards of several listed companies. He was Chief Executive of Wolters Kluwer (UK) PLC between 1978 and 1990, and is currently Chairman of RWS Holdings plc and Learning Technologies Group plc. These roles, together with his extensive executive experience, ensure he is well placed to lead the board of GRC International Group PLC effectively. PRINCIPAL EXTERNAL APPOINTMENTS • Chairman of RWS Holdings plc • Chairman of Learning Technologies Group plc • Non-Executive Director of a number of private- equity-backed media companies KEY SKILLS AND EXPERIENCE As CEO and founder of IT Governance Ltd, Alan leads the senior team and is responsible for delivering GRC International Group PLC’s strategy. Before founding IT Governance Ltd in 2002, Alan held a number of roles, including CEO of Business Link London City Partners, CEO of Focus Central London and CEO of Wide Learning, the Outsourced Training Company, and was Chairman of CEME. Alan graduated from the University of Witwatersrand in 1978 before moving to the UK. He has written a number of books about IT management, including the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ ISO27002 (co-written with Steve Watkins), which is in its seventh edition and is the basis for the UK Open University’s postgraduate course on information security, and IT Governance – Guidelines for Directors. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202239 CHRISTOPHER JOHN HARTSHORNE, FCCA RICHARD JOHN PIPER, ACA FINANCE DIRECTOR INDEPENDENT NON-EXECUTIVE DIRECTOR APPOINTMENT TO THE BOARD April 2017 APPOINTMENT TO THE BOARD February 2018 KEY SKILLS AND EXPERIENCE Chris spent nearly 15 years in public practice accountancy, qualifying with Deloitte before moving to PwC. He spent much of his public practice career supporting fast growth tech companies juggling organic growth, M&A, financing, and investment both on and off the public markets. He joined IT Governance Ltd in 2017 to bring that experience to an organisation where he saw significant potential and market opportunity. KEY SKILLS AND EXPERIENCE Ric has more than 40 years’ experience as a chartered accountant, including senior finance roles at ICI, Citicorp and Logica. He was also Group Finance Director at WS Atkins plc from 1993 to 2002. Ric advises a number of businesses in the engineering and technology sectors. He was a Member of the Financial Reporting Review Panel for ten years until 2019. PRINCIPAL EXTERNAL APPOINTMENTS • Partner at Restoration Partners • Non-Executive Director at Belluscura plc GOVERNANCEGRC International Group plc / Annual Report & Accounts 202240 AUDIT COMMITTEE REPORT Richard John Piper ACA Audit Committee Chair, Remuneration Committee Chair As Chairman of the Audit Committee, I am pleased to present this report of the Audit Committee (the ’Committee’) for the year ended 31 March 2022. This report is intended to explain how the Committee has met its responsibilities. From a ’business as usual’ perspective, there is nothing to bring to your specific attention. COMMITTEE MEMBERSHIP, MEETINGS AND ATTENDANCE MEMBERSHIP Throughout the year ended 31 March 2022, and since the year end to the date of this Report, the Committee comprised two Non- Executive Directors: • Ric Piper (Chairman of the Committee and independent Non- Executive Director); and • Andrew Brode (Chairman of the Board). Both Andrew Brode and Ric Piper are Chartered Accountants and the Board considers them to have recent and relevant financial experience. Further information on Mr Piper and Mr Brode can be found in the Directors’ biographies on pages 38 to 39. The Board considers that the Committee as a whole has competence relevant to the sector in which the Group operates. Meetings and attendance The Audit Committee met twice during the year ended 31 March 2022. The Committee has met with the external auditor to agree the Audit Plan. The Chief Executive Officer and the Finance Director are also routinely invited to Committee meetings. I will be available at the Annual General Meeting (’AGM’) to respond to any questions shareholders may raise on any of the Committee’s activities. From a ’business as usual’ perspective, there is nothing to bring to your specific attention. Last year the independent auditor’s report contained a material uncertainty related to going concern. There is no material uncertainty referred to in this year’s report, following the raising of funds and the improved trading performance. AIMS AND OBJECTIVES The Committee has responsibility for monitoring the integrity of the annual and interim financial statements and formal announcements relating to the Group’s financial performance, including advising the Board that the Annual Report is fair, balanced and understandable. It reviews significant financial reporting issues and accounting policies and disclosures in financial reports, the effectiveness of the Group’s internal control procedures and risk management systems and considers how the Group’s internal audit requirements shall be satisfied, making recommendations to the Board. It reviews the independent auditor’s audit strategy and implementation plan and its findings in relation to the Annual Report and Interim Financial Statements. The main duties of the Committee are set out in its Terms of Reference which are available from the Company Secretary on application via https://www.grci.group/contact. GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 41 The attendance at the Audit Committee meetings is set out in the following table: • Andrew Brode Ric Pipe 2/2 2/2 Internal financial control systems: The Committee reviewed the observations made by the independent auditor, as part of the audit process, and management’s responses and actions. The Committee was satisfied that it was appropriate for the Board to make the statements regarding internal controls included in the Corporate Governance Statement. Since the year end, the Committee met privately with the independent auditor. Ric Piper, the Committee Chairman, also met privately with the senior statutory auditor, Tim Neathercoat, outside of the Committee meetings. OPERATION OF THE COMMITTEE Each year, the Committee works to a planned programme of activities which are focused on key events in the annual financial reporting cycle and other matters that are considered in accordance with its Terms of Reference. It provides oversight and guidance to contribute to the ongoing good governance of the business, particularly by providing assurance that shareholders’ interests are being properly protected by appropriate financial management, reporting and internal controls. The main activities of the Committee in the year ended 31 March 2022 are as follows: • • • Financial statements: The Committee reviewed the Annual Report. Presentations were made by management and the auditor about the key technical and judgemental matters relevant to the financial statements. Further information is provided below in the section ’Significant issues related to the financial statements’. Taxation: The Group operates under varied tax regimes. The completeness and valuation of provisions to cover the range of potential final determinations by the tax authorities of the Group’s tax positions are the subject of judgement. Further information is set out in note 6 to the financial statements. The provisions held by the Group were reviewed by management as at 31 March 2022. The Committee agreed with management’s assessment of the Group’s tax provisions. The Committee notes that the Group is committed to paying the correct amount of tax and receiving the correct amount of research and development tax credits and will only undertake transactions that have a genuine commercial purpose. Fair, balanced and understandable: The content and disclosures made in the Annual Report are subject to a verification exercise by management to ensure that no statement is misleading in the form and context in which it is included, no material facts are omitted which may make any statement of fact or opinion misleading, and implications which might be reasonably drawn from the statement are true. The Committee was satisfied that it was appropriate for the Board to approve the financial statements and that the Annual Report taken as a whole is fair, balanced and understandable such that it allows shareholders to assess the Group’s performance against the Group’s strategy and business model. Compliance reviews, both of financial and operational activities, were satisfactorily completed for the Group’s International Organisation for Standardisation (’ISO’) accreditations. Internal Audit is reported on above. The Chairman of the Committee reported to the Board on the Committee’s activities after each meeting, identifying relevant matters requiring communication to the Board and recommendations on the steps to be taken. SIGNIFICANT ISSUES RELATED TO THE FINANCIAL STATEMENTS The Committee reviewed the key judgements applied to a number of significant issues in the preparation of the financial statements. The review included consideration of the following: Revenue recognition and recoverability of accounts receivables The Group has well-developed accounting policies for revenue recognition – see the ’Principal accounting policies’ section in the financial statements. The Committee receives reports from management and from the independent auditor to ensure that the policies are complied with across the Group. The Board also receives regular reports on the collectability of aged accounts receivables, accrued income and deferred income. On the basis of these reports, the Committee concluded that it was content with the judgements that had been made. Intangibles: accounting As set out in the intangibles accounting policy in the financial statements, the Group has significant unamortised intangibles including goodwill. As at 31 March 2022, the Committee agreed with the management’s recommendation on capitalisation and that no impairment charge was required. Intangibles impairment assessments (including assumptions about future performance) are carried out at least annually by management and reviewed by the Board and the Committee. Further information about the important matters of assumptions, headroom and sensitivities is provided under note 9 Goodwill on page 75. Going concern The Group has recorded a loss for the year of £1.0 million (2021: £2.6 million) and at 31 March 2022 its current liabilities exceeded its current assets by £3.2 million (2021: £5.2 million). Notwithstanding this, the Directors consider it appropriate to prepare the financial statements on a going concern basis. Further information is provided under Principal Accounting Policies - Going concern on page 60. The financial statements do not include the adjustments that would be required should the going concern basis of preparation no longer be appropriate. GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022The independent auditor reports to the Committee on matters including independence and non-audit work, on an annual basis. RISK MANAGEMENT AND INTERNAL CONTROL The Group holds weekly Executive Directors’ meetings to discuss all business matters which includes risks and risk mitigation. Depending on the nature of the risk, it is escalated to the Committee and/or Board meetings for review. The Group’s principal risks and uncertainties and the Board’s approach to mitigation are set out on pages 24 and 25 of the Annual Report. EVALUATION OF THE COMMITTEE There are no matters to report to shareholders. APPROVAL This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Audit Committee 42 INDEPENDENT AUDITOR The appointment of the independent auditor is approved by shareholders annually. The independent auditor’s audit of the financial statements is conducted in accordance with International Standards on Auditing (UK) (’ISAs’), issued by the Financial Reporting Council. There are no contractual obligations that act to restrict the Committee’s choice of external auditor. BDO LLP became the Group’s independent auditor for the financial year ended March 2019. This year, having considered the effectiveness and performance of the independent auditor, the Committee has recommended to the Board the appointment of BDO LLP as independent auditor of the Company for the next financial year. Services, independence and fees The independent auditor provides the following: • • A report to the Committee giving an overview of the results and judgements and observations on the control environment. An opinion on the truth and fairness of the Group financial statements. The Committee monitors the cost effectiveness of audit and any non-audit work performed by the independent auditor and also considers the potential impact, if any, of this work on independence. It recognises that certain work of a non-audit nature may be best undertaken by the independent auditor as a result of its unique position and knowledge of key areas of the Company. Approval is required, prior to the independent auditor commencing any material non-audit work, in accordance with a Group policy approved by the Committee. Certain work, such as providing bookkeeping services and taxation planning advice, is prohibited. The Committee requires that non-audit fees do not have any material negative impact on BDO’s independence. Further, the Committee seeks positive evidence of the independence of the independent auditor through its challenge to management. The Committee regularly reviews all fees for non-audit work paid to the independent auditor. As last year there were no fees paid to BDO LLP for non-audit work in the year ended 31 March 2022 or in the year ended 31 March 2021. The Committee will continue to keep the area of non-audit work under close review, particularly in the context of developing best practice on auditor’s independence. The Committee regulates the appointment of former employees of the independent auditor to positions in the Group. The independent external auditor also operates procedures designed to safeguard its objectivity and independence. These include the periodic rotation of the senior statutory auditor, use of independent concurring partners, use of a technical review panel (where appropriate) and annual independence confirmations by all staff. GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 REMUNERATION COMMITTEE REPORT 43 On behalf of the Board, I am pleased to present the Directors’ Remuneration Report for the year ended 31 March 2022. This report is intended to explain how the Remuneration Committee (the ’Committee’) has met its responsibilities. Whilst there is no requirement for companies quoted on AIM to produce a formal Remuneration Report, the Committee prepares this Remuneration Report for information purposes in order to give shareholders, and other users of the financial statements, greater transparency about the way in which the Directors of GRC International Group plc are remunerated. This report sets out the remuneration paid to the Directors for the year ended 31 March 2022 and sets out the remuneration policy for the forthcoming financial year and beyond. The Committee’s Terms of Reference can be obtained from the Company Secretary on application via https://www.grci.group/ contact. In exercising their roles, the Directors shall have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. COMMITTEE MEMBERSHIP, MEETINGS AND ATTENDANCE MEMBERSHIP The Committee comprises two Non-Executive Directors: • Ric Piper (Chairman of the Committee and independent Non- Executive Director); and • Andrew Brode (Chairman of the Board). The Chief Executive Officer and the Finance Director only attend meetings by invitation from the Committee. They are not present when their own remuneration is being discussed. Meetings and attendance The Remuneration Committee met once during the year ended 31 March 2022. The attendance at the Remuneration Committee meetings is set out in the following table. We value the views of our shareholders and guidance issued by investor bodies. As Chair of the Committee, I will be available at the AGM to respond to any questions shareholders may raise on any of the Committee’s activities. Andrew Brode Ric Piper 1/1 1/1 AIMS AND OBJECTIVES The Committee has responsibility for determining the overall remuneration policies and practices within GRC International Group plc, taking into account applicable laws, regulations and the principles of good governance. In particular, the Committee is responsible for: • Setting the remuneration policy for all Executive Directors; • Approving their remuneration packages; • • • • Reviewing the ongoing appropriateness and relevance of the remuneration policy; Reviewing and approving the overall remuneration spend (fixed and variable) to ensure that evidence exists to demonstrate that awards have been adjusted where appropriate for risk and will not limit the ability to strengthen the capital base; Approving the design of, and determining targets for, all performance-related incentive plans operated by the Group and approving the total annual payments made under such plans; and Reviewing the design of all share incentive plans for approval by the Board and shareholders. For plans such as these, the Committee will make recommendations to the Board on proposals for the granting of share options, and other equity incentives, pursuant to any employee share option scheme or equity incentive plans in operation from time to time. REMUNERATION POLICY OBJECTIVES The main objective of the Committee is to ensure that the Company’s policy: • • • • Attracts, motivates and retains executives in order to deliver the Group’s strategic goals and business outputs; Encourages and supports a high-performance sales and service culture; Adheres to the principles of good corporate governance and appropriate risk management; and Aligns executives with the interests of shareholders and other key stakeholders. We remain committed to a remuneration policy that rewards high individual performance to drive strong results. BASIC SALARY The basic salaries of the Group’s Executive Directors will be reviewed on an annual basis. The Committee seeks to establish a basic salary for each position commensurate with the individual’s responsibilities and performance, taking into account comparable salaries for similar companies of a similar size in the same market. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202244 DIRECTORS’ REMUNERATION The remuneration of each of the Directors during the year ended 31 March 2022 has been audited as part of the financial statements and is set out in detail below: Directors’ remuneration for the year ended 31 March 2022 Salary and fees All taxable benefits Annual bonuses Pension Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins - left the Board on 13th May 2021 Ric Piper - 220 135 14 35 - - - - - - - - - - - 33 1 - - Directors’ remuneration for the year ended 31 March 2021 Salary and fees All taxable benefits Annual bonuses Pension Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Neil Acworth - left the Board on 17/02/2021 Ric Piper - 220 135 115 98 35 - - - - - - - - - - - - - 33 1 1 1 - Total for the year ended 2022 - 253 136 14 35 Total for the year ended 2021 - 253 136 116 99 35 The Executive Directors have entered into a service agreement with the Company. Each Director’s appointment will be terminable on six months’ notice given by either party and summarily by the Company in certain limited circumstances. Each Director has given certain non-compete and non- solicitation undertakings which will apply during his engagement and in respect of the period of 12 months post termination. There have been no changes between 31 March 2022 and the date that this Report was signed. Subject to approval by the independent shareholders of the Company of the 2022 AGM on the business day following the announcement of the AGM results 100,000 options will be granted to Mr Hartshorne. SHARE-BASED INCENTIVE SCHEMES In order to align the interests of shareholders and employees following admission to AIM, the Company adopted an employee share option scheme, as further detailed in the Group’s AIM admission document which is available on the Group’s website at https://www.grci.group/investors. Share options held at 31 March 2022 are set out below: Exercise price (pence per share) Total exercise value Shares Chris Hartshorne 315,000 42.85714 £135,000 50% of the options held by Chris Hartshorne vested and became exercisable from the date of admission to AIM. The remaining 50% had not vested at the year end. None of these options have been exercised. Following admission in March 2018 options were limited to a further 10% of the nominal value of the shares in issue at 6:00 p.m. (London time) on the date which is three business days following Admission. Options granted following Admission are subject to standard performance conditions, as determined and recommended by the Remuneration Committee in accordance with the plan rules. Directors’ share interests at 31 March 2022 are set out below: Alan Calder Calder family (including Alan's shares above) Andrew Brode Ric Piper Chris Hartshorne 27,397,311 shares (25.41%) 29,922,421 shares (27.75%) 13,972,108 shares (12.96%) 319,231 shares (0.30%) 11,760 shares (0.01%) Further information is provided in the Notice of Annual General Meeting. OTHER BENEFITS Depending on the exact terms of each individual Executive Director’s service contract with GRC International Group plc, they are entitled to a range of benefits including contributions to pension schemes. BONUSES Subsequent to the year end, on 23 June 2022 and reflecting the Executive Directors’ commitment and achievements over several challenging years, the committee awarded discretionary bonuses of 20% of respective salary to the two executive directors, totalling £71,000. No bonuses for executive directors had been awarded in the four years of FYs 19,20,21 or 22. The bonuses will be included in the Directors’ remuneration table in the Annual Report for FY23. NON-EXECUTIVE DIRECTORS The Group has two Non-Executive Directors: Andrew Brode, the Chairman and Ric Piper. Both Non-Executive Directors have letters of appointment. Initially for a three-year period from Admission to AIM in March 2018, appointments are now reviewed annually. The Non-Executive Directors’ letters of appointment do not provide specifically for any termination payments, although the Group might make payments in lieu of notice. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202245 Non-Executive Director fees are determined by the Executive Directors, having regard to the requirement to attract high-calibre individuals with the right experience, the time requirements and the responsibilities incumbent on an individual acting as a Non- Executive Director for a company, such as GRC International Group plc, admitted to trading on AIM. The Non-Executive Directors are not eligible for annual discretionary bonuses and do not participate in the Group’s long-term incentive plans. At his request, the Chairman does not receive a Director’s fee or other remuneration. Ric Piper receives an annual fee of £35,000, paid monthly in arrears. EVALUATION OF THE COMMITTEE There is nothing to report to shareholders. APPROVAL This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Remuneration Committee GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 46 DIRECTORS’ REPORT The Directors present their annual report on the affairs of the Group, together with the financial statements and Auditor’s Report, for the year ended 31 March 2022. The Corporate Governance Statement set out on pages 32 and 33 forms part of this report. There have been no significant events since the balance sheet date. An indication of likely future developments in the business of the Company are included in the Strategic Report. Information about the use of financial instruments by the Company and its subsidiaries is given in notes 17 and 18 to the financial statements. CAPITAL STRUCTURE AND DIVIDENDS The Board is not proposing a dividend for the year. Details of the authorised and issued share capital, together with details of the movements in the Company’s issued share capital during the year are shown in note 22 to the financial statements. The Company has one class of ordinary shares which carry no right to fixed income. Each share carries the right to one vote at general meetings of the Company. There are no specific restrictions on the size of a holding nor on the transfer of shares, which are both governed by the general provisions of the Articles of Association and prevailing legislation. The Directors are not aware of any agreements between holders of the Company’s shares that may result in restrictions on the transfer of securities or on voting rights. Details of employee share schemes are set out in note 24 to the financial statements. DIRECTORS’ INDEMNITIES The Company has made qualifying third-party indemnity provisions for the benefit of its Directors which were made during the year and remain in force at the date of this report. EMPLOYEE CONSULTATION The Group places considerable value on the involvement of its employees and has continued to keep them informed on matters affecting them as employees and on the various factors affecting the performance of the Group. This is achieved through formal and informal meetings, the Company magazine and a special edition for employees of the annual financial statements. Employee representatives are consulted regularly on a wide range of matters affecting their current and future interests. The employee share scheme has been running successfully since its inception on 12 February 2018. Options can be granted to any employee or Director within the Group. The Board may set performance or time conditions for vesting. The option holder indemnifies the Company against income tax and national insurance. Options are normally exercisable after they have vested. In addition, all employees receive an annual bonus related to the overall profitability of the Group. R&D ACTIVITY Research activity is expensed through the income statement as it is incurred. At the point where all relevant recognition criteria are met the expenditure incurred on internally guaranteed intangible fixed assets, where relevant to development activity, is capitalised in line with the Group’s accounting policy. AUDITOR Each of the persons who is a Director at the date of approval of this Annual Report confirms that: • • so far as the Director is aware, there is no relevant audit information of which the Group’s auditor is unaware; and the Director has taken all the steps that he/she ought to have taken as a Director in order to make himself/herself aware of any relevant audit information and to establish that the Group’s auditor is aware of that information. No person has any special rights of control over the Company’s share capital and all issued shares are fully paid. The Directors’ Report was approved by the Board of Directors and signed on its behalf. With regard to the appointment and replacement of Directors, the Company is governed by its Articles of Association, the Companies Act 2006 and related legislation. The Articles themselves may be amended by special resolution of the shareholders. The powers of Directors are described in the Main Board Terms of Reference, copies of which are available on request, and the Corporate Governance Statement on pages 32 and 33. Under its Articles of Association, the Company has authority to issue up to 10% of issued share capital. Directors The Directors, who served throughout the year, are as follows: • Andrew Brode – Non-Executive Chairman • Alan Calder – Chief Executive Officer • Christopher Hartshorne – Finance Director • Stephen Watkins – Executive Director – Resigned 13 May 2021 • Ric Piper – Independent Non-Executive Director Alan Calder Director GOVERNANCEGRC International Group plc / Annual Report & Accounts 2022 STATEMENT OF DIRECTORS’ RESPONSIBILITIES 47 The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position of the Company, and enable them to ensure that the financial statements comply with the requirements of the Companies Act 2006. They are also responsible for safeguarding the assets of the Group, and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The Directors are responsible for ensuring the Annual Report and the financial statements are made available on a website. Financial statements are published on the Group’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions. The maintenance and integrity of the Group’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the ongoing integrity of the financial statements contained therein. The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations. Company law requires the Directors to prepare financial statements for each financial period. Under that law the Directors have elected to prepare the Group’s Consolidated Financial Statements in accordance with UK adopted international accounting standards and the Company’s Financial Statements in accordance with United Kingdom generally accepted accounting practice (United Kingdom accounting standards and applicable law). Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Company and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM. In preparing these financial statements, the Directors are required to: • • • • select suitable accounting policies and then apply them consistently; make judgements and accounting estimates that are reasonable and prudent; state whether they have been prepared in accordance with IFRS subject to any material departures disclosed and explained in the financial statements; and prepare the financial statements on a going concern basis unless it is inappropriate to presume that the Group will continue in business. GOVERNANCEGRC International Group plc / Annual Report & Accounts 202248 48 STRATEGIC REPORTGRC International Group plc / Annual Report & Accounts 202249 49 Financial Statement IN THIS SECTION Independent Auditor’s Report Consolidated Income Statement Consolidated Statement of Comprehensive Income Consolidated Balance Sheet Consolidated Statement of Changes in Equity 50 56 56 57 58 Consolidated Statement of Cash Flows 59 Nature of Operations and General Information Notes to the Financial Statements Company Balance Sheet Company Statement of Changes in Equity Notes to the Company Financial Statements 60 69 87 88 89 GOVERNANCEGRC International Group plc / Annual Report & Accounts 202250 INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC OPINION ON THE FINANCIAL STATEMENTS In our opinion: • the financial statements give a true and fair view of the state of the Group’s and of the Company’s affairs as at 31 March 2022 and of the Group’s loss for the year then ended; • • • the Group financial statements have been properly prepared in accordance with UK adopted international accounting standards; the Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. We have audited the financial statements of GRC International plc (the ‘Company’) and its subsidiaries (the ‘Group’) for the year ended 31 March 2022 which comprise the Consolidated Income Statement, the Consolidated Statement of Comprehensive Income, the Consolidated Balance Sheet, the Consolidated Statement of Changes in Equity, the Consolidated Statement of Cash Flows, the Company Balance Sheet, the Company Statement of Changes in Equity and the notes to the financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and UK adopted international accounting standards. The financial reporting framework that has been applied in the preparation of the Company financial statements is applicable law and United Kingdom Accounting Standards, including Financial Reporting Standard 101 Reduced Disclosure Framework (United Kingdom Generally Accepted Accounting Practice). BASIS FOR OPINION We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the auditor’s responsibilities for the audit of the financial statements section of our report. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. INDEPENDENCE We remain independent of the Group and the Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. CONCLUSIONS RELATING TO GOING CONCERN In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Our evaluation of the Directors’ assessment of the Group and the Company’s ability to continue to adopt the going concern basis of accounting included: • • • • • • an examination of the terms of the Group’s borrowing arrangements and repayment plans for HMRC liabilities and compared the repayment terms to the Group’s projected cash flows; a critical assessment of the Directors’ financial forecasts and the underlying key assumptions, including operating and capital expenditure and forecast income. In doing so, we considered factors such as whether the forecast operating expenditure is reasonable in light of historic levels of expenditure and reliability of revenue forecasting by reference to historic revenue generation run rates in recent months, and industry growth rates; Consideration of the impact of low growth scenario prepared by the Directors on the Group’s ability to generate profits from future trading and on its forecast cash position; A mechanical check of the mathematical accuracy of the going concern model prepared by the Directors and the underlying calculations used within it; Obtaining information concerning the working capital position as at the last practical date for which information was available post year end and comparing this to the amounts assumed as at that date in the forecast trading scenarios; and An evaluation of the adequacy of disclosure made in the financial statements in respect of going concern, assessing whether information that is material to the Directors’ going concern assessment has been disclosed. Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on the Group and the Company’s ability to continue as a going concern for a period of at least twelve months from when the financial statements are authorised for issue. Our responsibilities and the responsibilities of the Directors with respect to going concern are described in the relevant sections of this report. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC CONTINUED OVERVIEW Coverage 74% (2021: 82%) of Group loss before tax 82% (2021: 84%) of Group revenue 90% (2021: 90%) of Group total assets Key audit matters Revenue recognition Impairment of goodwill and intangible assets Going concern 51 2022 2021 4 4 ✖ 4 4 4 Going concern is no longer considered to be a key audit matter following the improvement in trading, resulting in the Group’s ability to generate cash from operations, and the fundraising completed in January 2022. Materiality Group financial statements as a whole £222K (2021:£180K) based on 1.6% (2021: 1.6%) of revenue. AN OVERVIEW OF THE SCOPE OF OUR AUDIT Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements. We also addressed the risk of management override of internal controls, including assessing whether there was evidence of bias by the Directors that may have represented a risk of material misstatement. All full scope audit work and targeted procedures were performed by the Group engagement team and, as such, there was no involvement of other auditors in the audit of the Group’s financial statements. Including the Company, we identified 3 group companies as being significant components, and performed full scope audits on these components. We conducted further targeted procedures on balances in two other group companies. We subjected all other non-significant components to limited scope analytical procedures. KEY AUDIT MATTERS Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified, including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. REVENUE RECOGNITION Key Audit Matter The Group’s accounting policy for revenue recognition is disclosed on page 61 and the financial statements disclose further detail concerning the Group’s revenues in note 2. We considered that a significant risk of material misstatement existed in relation to the possibility of overstatement, either through fictitious invoicing or processing of otherwise fraudulent accounting entries. We formed this assessment having considered the susceptibility of the financial statements to fraud risks and we also identified that the risk was most likely to present itself in the Consultancy and Software revenue streams by virtue of the relative size of those revenue streams. Revenue overstatement may also have arisen through incomplete deferral of revenues invoiced pre year end but earned post year end because of the nature of the Group’s contracts and invoicing arrangements. We also considered the possibility that revenues may have been recorded in the incorrect accounting period to pose a significant risk of material misstatement. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202252 INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC CONTINUED REVENUE RECOGNITION How the scope of our audit addressed the key audit matter Our procedures across revenues as a whole included an assessment of the compliance of the Group’s applied accounting policies to the requirements of IFRS 15 Revenue from Contracts with Customers and testing of invoices to supporting documentation including contracts, records of delivery or of performance of services, from sources outside the Group or from systems independent of the Group’s accounting systems. This enabled us to check that the Group’s accounting policies were not designed in such a way that revenues may be recorded in advance of the Group meeting its performance obligations. For a sample of revenues we checked that the underlying transactions had taken place (ie. by obtaining evidence that a service was provided) and the transactions were accurately recorded in the accounting records, and where appropriate the relevant proportion of revenue related to amounts invoiced prior to the year end were deferred in to future periods with reference to customer agreements, where the Group’s performance obligations had not been fully satisfied at the reporting date. We selected a sample of revenue items arising pre and post the year end from all revenue streams and traced these to supporting documentation (such as contracts or other evidence of delivery) to check that transaction had occurred and has been recorded in the correct period. Using data interrogation software, we have determined the accounts to which the contra revenue journals posted. This enabled us to identify whether there are any unexpected postings. On a sample basis, we have agreed journal entries posted to revenue to source documents, which enabled us to check that entries recorded in revenue arose from transactions that existed. Key observations Nothing has come to our attention as a result of performing the above procedures to suggest that revenues have been overstated or recorded in the incorrect period. IMPAIRMENT OF DQM GOODWILL AND INTANGIBLE ASSETS Key Audit Matter The Group’s accounting policy for impairment is disclosed on page 63 and the financial statements disclose further detail concerning the Group’s impairment testing in note 9. The financial statements also disclose, on page 68, information relating to the judgements and estimates in this area. In accordance with IAS 36 Impairment of Assets, goodwill is tested for impairment annually. The Group’s goodwill balance is included in the DQM cash generating unit (“CGU”), along with acquired finite-lived intangible assets. Management performed an impairment test on a value in use basis which requires significant management judgement over the timing and degree of certainty attaching to forecast net cash flows and the rate at which those future cash flows should be discounted to present value. The degree of management judgement involved and the high sensitivity of the conclusion to changes in key assumptions was the reason we assessed this area to be significant in our audit. How the scope of our audit addressed the key audit matter Our work on the impairment test prepared by management had a dual focus: firstly, to check the model was mechanically accurate and prepared in accordance with the detailed requirements of IAS36 and secondly, to check that the assumptions regarding future cash flows and the rate at which they had been discounted were appropriate to the CGU’s circumstances. We did this by: • • • • • • analysing industry growth forecasts and comparing that information to the impairment test growth forecasts; comparing historic performance with future budgeted performance; obtaining and comparing post year end trading and current pipeline of customer activity to that forecast; making enquiries of management at group and CGU level to identify any unusual factors in the impairment test forecasts or matters which may impact on the suitability of related assumptions, such as the discount rate; assessing with the assistance of our valuations experts the composition of the discount rate used; and recalculating the impairment test sensitivities prepared by management and checking that these are adequately disclosed in note 9. We used internal valuations experts in order to assist with our interrogation of the accuracy and technical operation of the impairment testing model. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC CONTINUED 53 IMPAIRMENT OF DQM GOODWILL AND INTANGIBLE ASSETS Key observations We consider that the judgements and estimates made by management are within an acceptable range and that the overall conclusion the Directors have reached, that no impairment has arisen, is reasonable. The disclosures adequately explain the sensitivities and the impact that different, reasonable judgements in relation to DQM’s future cash flows and discount rate could have on the impairment calculations. OUR APPLICATION OF MATERIALITY We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. Based on our professional judgement, we determined materiality for the financial statements as a whole and performance materiality as follows: Materiality Group financial statements Company financial statements 2022 £’000 222 2021 £’000 180 2022 £’000 166 2021 £’000 140 Basis for determining materiality Set based on 1.6% of revenue Rationale for the benchmark applied We considered revenue to be the most appropriate performance measure as it reflects the volume of business undertak- en by the Group, which is a key measure of performance for the Group at this stage in its life cycle. Set based on 75% (2021: 78%) of group materiality Performance materiality 138 117 103 87 Basis for determining performance materiality Set based on 62% (2021: 65%) of materiality following evaluation inter alia of the expected total value of known and likely misstatements, management’s attitude to proposed adjustments, and the nature of our planned testing. COMPONENT MATERIALITY We set materiality for each component of the Group based on a percentage of between 17% and 75% (2021: between 20% and 78%) of Group materiality dependent on the size and our assessment of the risk of material misstatement of that component. Component materiality ranged from £37,000 to £166,000 (2021: £37,000 - £140,000). In the audit of each significant component, we further applied performance materiality levels of 62% (2021: 65%) of the component materiality to our testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated. REPORTING THRESHOLD We agreed with the Audit Committee that we would report to them all individual audit differences in excess of £5,500 (2021: £4,500). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds. OTHER INFORMATION The Directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. OTHER COMPANIES ACT 2006 REPORTING Based on the responsibilities described below and our work performed during the course of the audit, we are required by the Companies Act 2006 and ISAs (UK) to report on certain opinions and matters as described below. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202254 INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC CONTINUED Strategic Report and Directors’ Report In our opinion, based on the work undertaken in the course of the audit: • • the information given in the Strategic report and the Directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and the Strategic report and the Directors’ report have been prepared in accordance with applicable legal requirements. In the light of the knowledge and understanding of the Group and Company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the Directors’ report. Matters on which we are required to report by exception We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: • • • • adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been received from branches not visited by us; or the Parent Company financial statements are not in agreement with the accounting records and returns; or certain disclosures of Directors’ remuneration specified by law are not made; or we have not received all the information and explanations we require for our audit. RESPONSIBILITIES OF DIRECTORS As explained more fully in the Statement of Directors’ Responsibilities, the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the Company or to cease operations, or have no realistic alternative but to do so. AUDITOR’S RESPONSIBILITIES FOR THE AUDIT OF THE FINANCIAL STATEMENTS Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. EXTENT TO WHICH THE AUDIT WAS CAPABLE OF DETECTING IRREGULARITIES, INCLUDING FRAUD Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below: The objectives of our audit, in respect to fraud, are to identify and assess the risks of material misstatement of the financial statements due to fraud; to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud through designing and implementing appropriate responses, and to respond appropriately to fraud or suspected fraud identified during the audit. However, the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. Our approach was as follows: • We obtained an understanding of the legal and regulatory frameworks that are applicable to the Group and the industries in which it operates, and considered the risk of acts by the Group that would be contrary to applicable laws and regulations, including due to fraud. We designed audit procedures at Group and significant component levels to respond to the risk. We examined minutes of board meetings, made enquiries of the Directors and testing a sample of legal expenditure to check compliance with laws and regulations that could give rise to a material misstatement in the financial statements including, but not limited to, the Companies Act 2006 and relevant tax legislation. • • We understood how the Group complies with legal and regulatory frameworks by making enquiries of management and those responsible for legal and compliance procedures. We corroborated our enquiries through our review of board minutes. We assessed the susceptibility of the Group’s financial statements to material misstatement, including how fraud might occur by meeting with management to understand where it is considered there was a susceptibility to fraud. We also considered potential fraud drivers including financial or other pressures, opportunity, and personal or corporate motivations. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC CONTINUED 55 • We considered the programmes and controls that the Group has established to address the risks identified, or that otherwise prevent, deter and detect fraud and how senior management monitors those programmes and controls. Where the risk was considered to be higher, we performed audit procedures to address each identified fraud risk. These procedures included testing journals, using data interrogation tools to identify accounting entries which we considered were indicative of management override. We corroborated such journals to supporting documentation. We also reviewed the consolidation journals and other adjustments made in the preparation of the financial statements to check these were in line with our expectation of journals required on consolidation. We also challenged assumptions made by management in key areas of estimation uncertainty or judgement, for example in the Group’s testing of goodwill and intangible asset impairment (see key audit matters above) and intangible asset capitalisation. • We also communicated relevant identified laws and regulations and potential fraud risks to all engagement team members and remained alert to any indications of fraud or non-compliance with laws and regulations throughout the audit. Our audit procedures were designed to respond to risks of material misstatement in the financial statements, recognising that the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by, for example, forgery, misrepresentations or through collusion. There are inherent limitations in the audit procedures performed and the further removed non-compliance with laws and regulations is from the events and transactions reflected in the financial statements, the less likely we are to become aware of it. A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.frc.org.uk/ auditorsresponsibilities. This description forms part of our auditor’s report. USE OF OUR REPORT This report is made solely to the Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Company and the Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Tim Neathercoat (Senior Statutory Auditor) For and on behalf of BDO LLP, Statutory Auditor London 30 August 2022 BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127). FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202256 CONSOLIDATED INCOME STATEMENT FOR THE YEAR ENDED 31 MARCH Revenue Cost of sales Gross profit Administrative expenses Other operating income Operating loss Net finance costs Share of post-tax loss of equity-accounted joint ventures Loss before taxation Taxation Loss for the financial year Loss for the financial year attributable to: Equity shareholders of the parent Basic loss per share (pence) Diluted loss per share (pence) Notes 2 4 4 4 5 6 7 7 2022 £’000 13,902 (5,698) 8,204 (9,141) 240 (697) (304) (2) (1,003) 6 (997) (997) (0.98) (0.98) 2021 £’000 11,760 (5,614) 6,146 (8,882) 148 (2,588) (247) – (2,835) 264 (2,571) (2,571) (2.58) (2.58) All of the Group’s loss relates to continuing operations. The accompanying accounting policies and notes form an integral part of these financial statements. CONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME FOR THE YEAR ENDED 31 MARCH Loss for the year Other comprehensive (loss)/profit – items that may subsequently be reclassified to profit/loss: Exchange differences on translation of foreign operations Other comprehensive (loss)/profit for the financial year Total comprehensive loss for the financial year Total comprehensive loss attributable to equity shareholders of the parent The accompanying accounting policies and notes form an integral part of these financial statements. 2022 £’000 (997) (1) (1) (998) (998) 2021 £’000 (2,571) 4 4 (2,567) (2,567) FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022CONSOLIDATED BALANCE SHEET AS AT 31 MARCH Assets Non-current assets Goodwill Intangible assets Property, plant and equipment Investments in equity-accounted joint ventures Current assets Inventories Trade and other receivables Cash at bank Current liabilities Trade and other payables Borrowings Lease liabilities Current tax Net current liabilities Non-current liabilities Trade and other payables Borrowings Lease liabilities Deferred tax liability Net assets Equity Share capital Share premium Merger reserve Share-based payment reserve Translation reserve Accumulated deficit Total equity 57 2021 £’000 6,804 5,765 426 7 13,002 33 1,694 233 1,960 (5,986) (863) (197) (127) (7,173) (5,213) – (460) (83) (340) (883) 6,906 100 13,227 4,276 126 (8) (10,815) 6,906 Notes 9 10 11 12 13 14 15 16 19 6 15 16 19 6 21 22 2022 £’000 6,804 5,630 325 17 12,776 – 1,612 2,099 3,711 (5,935) (722) (117) (127) (6,901) (3,190) (73) (329) (145) (338) (885) 8,701 108 16,012 4,276 126 (9) (11,812) 8,701 The financial statements were approved by the Board of Directors and authorised for issue on 30 August 2022 and were signed on its behalf by: Chris Hartshorne Director Company registration number: 11036180 The accompanying accounting policies and notes form an integral part of these financial statements. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202258 CONSOLIDATED STATEMENT OF CHANGES IN EQUITY FOR THE YEAR ENDED 31 MARCH For the year ended 31 March 2022 Balance at 1 April 2021 Loss for the year Foreign exchange difference on consolidation Total comprehensive loss for the year Shares issued Cost of share issue Transactions with owners At 31 March 2022 For the year ended 31 March 2021 Share capital £ Share premium £ Merger reserve £ Share-based payment reserve £ Retained earnings £ Translation reserve £ 100 13,227 4,276 126 (10,815) – – – 8 – 8 108 – – – 2,992 (207) 2,785 16,012 – – – – – – – – – – – – (997) – (997) – – – 4,276 126 (11,812) (8) – (1) (1) – – – (9) Share capital £ Share premium £ Merger reserve £ Share-based payment reserve £ Retained earnings £ Translation reserve £ Balance at 1 April 2020 Loss for the year Foreign exchange difference on consolidation Total comprehensive loss for the year Shares issued Transactions with owners At 31 March 2021 100 13,182 4,276 – – – – – – – – 45 45 – – – – – 100 13,227 4,276 171 – – – (45) (45) 126 The accompanying accounting policies and notes form an integral part of these financial statements. (8,289) (2,571) – (2,571) 45 45 (12) – 4 4 – – Total £ 6,906 (997) (1) (998) 3,000 (207) 2,793 8,701 Total £ 9,428 (2,571) 4 (2,567) 45 45 (10,815) (8) 6,906 FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022CONSOLIDATED STATEMENT OF CASH FLOWS FOR THE YEAR ENDED 31 MARCH Cash flows from operating activities Loss for the year Adjustments for: Depreciation of plant and equipment Amortisation of right of use assets Amortisation of intangible fixed assets Loss on disposal of fixed assets Foreign exchange loss/(gains) Share of post-tax loss of equity-accounted joint ventures Finance expenses Income tax expense Decrease in inventories Decrease in trade and other receivables Increase in trade and other payables Income tax refund Net cash inflow from operating activities Investing activities Purchase of intangible assets Purchase of plant and equipment Acquisition of joint venture investment Net cash inflow from investing activities Financing activities Proceeds from issue of shares Costs of share issue Repayment of acquired contingent consideration liability Proceeds from borrowings Repayment of borrowings Interest paid Interest on lease liability on right-of-use assets Payments of lease liabilities on right-of-use assets Net cash inflow/(outflow) from financing activities Net increase/(decrease) in cash and cash equivalents Cash and cash equivalents at beginning of financial year Effects of exchange rate changes on cash and cash equivalents Cash and cash equivalents at end of financial year Comprising Cash at bank 59 Notes 2022 £’000 2021 £’000 (997) (2,571) 91 143 1,367 50 18 2 304 (6) 972 33 83 28 1,116 5 1,121 (1,231) (47) (13) (1,291) 3,000 (207) – 546 (836) (245) (69) (155) 2,034 1,864 233 2 2,099 2,099 156 194 1,107 4 (22) – 247 (264) (1,149) 28 588 2,560 2,027 187 2,214 (1,168) (35) – (1,203) – – (100) 710 (1,249) (186) (43) (168) (1,036) (25) 245 13 233 233 10 22 16 16 14 The accompanying accounting policies and notes form an integral part of the financial statements. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202260 NATURE OF OPERATIONS AND GENERAL INFORMATION The Group accumulated PAYE and VAT arrears as part of its response to the unprecedented trading environment through FY21, in respect of which it has formally agreed repayment plans with HMRC totalling £1.7 million, of which £0.7 million has since been paid, and remaining amounts totalling £1.0 million to be paid over the next 17 months. The Group has factored the repayments, along with other contractual payments in relation to lease liabilities and borrowings, into both its short-term cash flow planning and its longer-term integrated profit and loss, balance sheet and cash flow forecast by month which runs to 31 March 2024 (“the going concern review period”). Additionally, the Directors have prepared a sensitised forecast with lower than expected revenues and appropriate cost reduction measures. The revenues in the sensitised forecast are 16% lower than in the Group’s base case forecast. The sensitised forecast does not identify a potential cash shortfall in any month and includes the same assumptions for settlement of HMRC liabilities, lease liabilities and borrowings as the base case forecast. In January 2022 the Group raised £3 million (approximately £2.8 million net of costs) via the placing of new shares to strengthen the balance sheet and accelerate organic growth. In addition to the year end cash balance of £2.1 million the Group had access to additional liquidity via undrawn available facilities in excess of £0.5 million. The current cash balances amounts to £0.6 million in line with budget. The Directors have reviewed the Group’s forecasts and projections to 31 March 2024 which, taking account of reasonably possible changes in trading performance, show that the Group is able to generate sufficient liquidity to continue in operational existence for the foreseeable future. Specifically, the forecast and the sensitised forecast include estimates for the impact of inflation. To the extent that these estimates turn out to be insufficient in the current climate the Directors are confident that there is sufficient flexibility in discretional spend to absorb cost increases resulting from the current macro-economic and geo-political uncertainty. On this basis, taken together with the group’s current liquidity from the January 2022 fundraise, the Directors believe that the Group will be able to generate sufficient cash through its normal business trading to enable it to continue to meet, as and when they fall due, its liabilities arising over the going concern review period. In making this assessment the Directors have assessed the maturity of the group’s liabilities, which at 31 March 2022 were comprised of the amounts set out in note 18, and are satisfied that the group will have the available financial resources to settle these amounts as they fall due and that no material uncertainty exists. For this reason, the Directors continue to adopt the going concern basis in the preparation of its financial statements. GRC International Group plc (GRC International Group or ’the Company’) is a public limited company limited by shares, incorporated and domiciled in England and Wales. The registered company number is 11036180 and the registered office is Unit 3 Clive Court, Bartholemew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA. The principal activities of GRC International Group plc and its subsidiary companies (together, the ’Group’) are those of a one- stop shop for IT Governance including books, tools, learning and consultancy services. The Directors of GRC International Group are responsible for the financial information and contents of the consolidated financial statements. PRINCIPAL ACCOUNTING POLICIES Basis of preparation The consolidated financial statements of GRC International Group plc and entities controlled by the Company (its subsidiaries) for the years presented has been prepared in accordance with UK-adopted international accounting standards. The consolidated financial statements have been prepared on a historical cost basis. Basis of consolidation The results for the year ended 31 March 2022 and 31 March 2021 include the results of GRC International Group plc and its subsidiaries. A subsidiary is a company controlled directly by the Group. Control is achieved where the Group has the power over the investee, rights to variable returns and the ability to use the power to affect the investee’s returns. Income and expenses of subsidiaries acquired during the year are included in the Consolidated Income Statement from the effective date of control. When necessary, adjustments are made to the financial statements of subsidiaries to bring their accounting policies into line with those used by the Group. All intra-Group transactions, balances, income and expenses are eliminated in full on consolidation. The principal accounting policies adopted are set out below. These accounting policies comply with each IFRS that is mandatory for accounting periods ending on 31 March 2022. Going concern The financial statements have been prepared on a going concern basis. The Group has recorded a loss for the year of £1.0 million (2021: £2.6 million) and at 31 March 2022 its current liabilities exceeded its current assets by £3.2 million (2021: £5.2 million). The global COVID-19 pandemic negatively impacted monthly billings (and in turn revenues) through much of FY21, but from late in Q3 FY21 the Group saw performance improvements and was back to consistently positive EBITDA before the end of that year. Throughout FY22 the Group has delivered consistently EBITDA positive monthly results and a full year positive EBITDA result of £1.0 million, and trading has continued in this manner into FY23. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202261 Revenue The type of products and range of services sold across the Group fall within the following four revenue streams: • Consultancy • Publishing/Distribution • Learning • Software To determine whether to recognise revenue, the Group follows a five-step process: 1. Identifying the contract with a customer; 2. Identifying the performance obligations; 3. Determining the transaction price; 4. Allocating the transaction price to the performance obligations; and 5. Recognising revenue when/as performance obligation(s) are satisfied. Revenue is recognised either at a point in time or over time, when the Group satisfies performance obligations by transferring the promised goods or services to its customer. The Group often enters into transactions involving a range of the Group’s products and services, for example for the delivery of consultancy, training, software and related after-sales service. In all cases, the total transaction price for a contract is allocated net of discounts amongst the various performance obligations based on their relative stand-alone selling prices. The transaction price for a contract excludes any amounts collected on behalf of third parties. The Group recognises contract liabilities for consideration received in respect of unsatisfied performance obligations and reports these amounts as deferred income in the statement of financial position. Similarly, if the Group satisfies a performance obligation before it receives the consideration, the Group recognises either a contract asset or a receivable in its statement of financial position, depending on whether something other than the passage of time is required before the consideration is due. In practice, contract assets rarely arise due to the timing of invoices raised under the terms of the Group’s contracts. All material contracts which span a financial reporting period will be reviewed on an individual basis with the five-step application of IFRS 15 applied, based upon the type of product sold. Customer rights to refunds are limited and are not considered material to the financial statements. Products and services Nature, timing of satisfaction of performance obligations and significant payment terms CONSULTANCY On-site and remote support consulting services, helping organisations to design and implement data protection and cyber security policies and procedures. The Group recognises revenue over time as the services in the contract are performed, generally based on the consultants’ estimates of the progress of the work. Revenue from consultancy services which are either a performance obligation within a larger arrangement or are sold on a stand- alone basis is generally recognised over time where the Group agrees to provide labour hours/days. Contracts state a broad list of activities that the services may include. The contracts state daily/ hourly rates and estimated amounts to be billed. Contracts state that the Group will not exceed the total amount without prior written approval. Where the performance obligations within an agreement are considered to represent services that are substantially the same, these will form a single performance obligation with labour days/ hours representing the progress measure. Several contracts define the only obligation as support for customer-led projects, and again in these cases it will be considered that there is one performance obligation with labour hours being the progress measure. Revenue is recognised over a time, when a) the Group’s performance does not create an asset with an alternative use to the Group and b) the entity has an enforceable right for performance completed to date. This is true for all services provided on a time basis. PUBLISHING/DISTRIBUTION The Group sells books, documentation templates and software via its websites, both that it publishes or writes itself, and also supplied by third parties. The Group also creates and sells sets of documentation templates that are used by customers to assist them to document IT systems and procedures. The Group recognises revenue at the point in time when control of the asset is transferred to the customer. The product becomes under the control of the customer when the book/software/toolkit is delivered to them. This is when the customer has legal title to the asset or has physical possession of the asset. For the sale of physical soft copy books and CD-ROMs, revenue is recognised when the goods are delivered. For the sale of downloadable books, revenue is recognised when the goods are made available to download by the customer. Where a product with a subscription or licence is sold on behalf of a third party the revenue is recognised straight away as the Group has completed its performance obligation. The full cost of the product sold by the Group in respect of a third-party sale is charged to the Income Statement when the revenue is recognised. NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202262 Products and services Nature, timing of satisfaction of performance obligations and significant payment terms LEARNING The Group sells ’in person’ classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. The courses range from one to five days in length and are held at hired premises. The Group also provides courses at customers’ premises for organisations that require training for a number of their employees. The courses are aimed at various different areas of IT governance and at different skill levels. SOFTWARE The Group creates and sells software solutions. Maintenance and Support (’M&S’) arrangements are usually sold on a stand- alone basis as a renewal of an existing arrangement usually running over a 12-month period. Generally, the first time M&S is sold is when the customer initially buys the software. There are no material rights to consider in connection with renewal options. Revenue is recognised on ‘Classroom Based Training Courses’ and ‘Online Training Courses’ over the duration of the Training Course. Revenue is recognised on ‘Distance Learning Based Training Courses,’ when the customer gains control of the course material, at the date the online course is made available to them. Once the course is made available the Group has fulfilled its contractual obligation to deliver. The date the user accesses and uses the course is not considered relevant. Revenue is recognised on ‘e-Learning Courses’ dependent on the type of service provided. ‘e-Learning’ is split into four types: • • • • e-Learning Hosting Services – An additional annual fee for LMS (Learning Management System) hosting of the e-learning courses. Customers are not obliged to but can buy our standard ‘off-the- shelf’ ‘Hosting’ area. All hosted client courses will be hosted on our LMS. Each client will be given their own space, which can be branded with their logo and company colours. The e-learning course files hosted on our LMS will be the same for all clients, and each client will have a space in the course layout to add any extra information they need, such as documents, links and contact details. Revenue is recognised on ‘e-Learning Hosting Services’ over time as the customer has access to the hosting area. Revenue is then pro-rated equally over the period (normally 12 months) to which the service relates. Revenue is recognised on ‘e-Learning Courses’ when the customer obtains control. The course becomes under the control of the customer when the online course is made available to access. e-Learning Set Up Costs – Organisations/customers can contract the Group to ‘customise’ the e-learning courses to their organisation’s specifications (i.e. company logo/branding etc.). Revenue is recognised on ‘e-Learning Set Up Costs’ when the customer obtains control of the course material. The product becomes under the control of the customer when the online courses are made available to access. e-Learning Training – Organisations/customers can contract the Group to provide training for the e-learning courses. This is a one-off fee and the Training is a pre-agreed number of hours or days as requested by the customer. Revenue is recognised on ‘e-Learning Training’ when the customer gains control. The product comes under the control of the customer on the first day of the Training Course. Revenue from the sale of software for a fixed fee is recognised when or as the Group gives access to the customer to download the software. Software revenue recognition: • Performance obligations are satisfied at a point in time when the Group has a right to payment for the software, the customer has legal right to use the software under the terms of the software licence agreement, and the Group has physically transferred the software to the customer. These criteria are all met at the point in time that the Group transfers the software. Where software is sold under a SaaS arrangement, revenue is recognised evenly over the period of the arrangement as the Group fulfils its performance obligations. • • • • The Group does not undertake activities which significantly affect the intellectual property post delivery of the software which would prevent revenue being recognised at a point in time. The Group does not provide free Maintenance and Support type services as part of the licensing arrangements. Revenue from the sale of Maintenance and Support arrangements are always sold on a stand-alone basis or as a renewal of an existing arrangement usually running over a 12-month period, as explained below. Furthermore the technical support and software updates are distinct. This is because the customer can benefit from the licence with or without the Maintenance and Support contract. Technical support: the customer benefits from the technical support as that support is provided. The contracted support period is generally 12 months, so the customer obtains the benefit over the 12-month period. Accordingly, it is appropriate to recognise support revenue over a 12-month period. Software updates: all software updates are unspecified within Maintenance and Support arrangements with updates being made as and when available. The customer will continue to receive updates during the Maintenance and Support period and accordingly will benefit from the updates as they are provided. Accordingly, it is appropriate to recognise revenue over a 12-month period. NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202263 Finance income and costs Interest income and expense is recognised using the effective interest method which calculates the amortised cost of a financial asset or liability and allocates the interest income or expense over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts or payments through the expected life of the financial asset or liability to the net carrying amount of the financial asset or liability. Goodwill Goodwill arising on business combinations is reviewed and tested on an annual basis or more frequently if there is indication that goodwill might be impaired. Goodwill is allocated to cash-generating units (’CGUs’), which are determined as the lowest level of detail available for the assets to generate cash inflows relating to goodwill. Goodwill represents the future economic benefits arising from business combinations which are not individually identified and separately recognised. Goodwill is initially measured as the excess of the aggregate of the consideration transferred and the fair value of non-controlling interest over the net identifiable assets acquired and liabilities assumed. If the consideration is lower than the fair value of the net assets of the subsidiary acquired, the difference is recognised in profit or loss. Goodwill is carried at cost less any accumulated impairment losses until disposal or termination of the previous acquired business when the profit or loss on disposal or termination will be calculated after charging the gross amount at current exchange rates of any such goodwill through the income statement. Intangible assets Acquired intangible assets An intangible asset is recognised if it is probable that the expected future economic benefits that are attributable to the asset will flow to the Group and the cost of the asset can be measured reliably. Internally developed intangible assets Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements: • • • • • the development costs can be measured reliably; the project is technically and commercially feasible; the Group intends to and has sufficient resources to complete the project; the Group has the ability to use or sell the software; and the software will probably generate future economic benefits. Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include an apportionment of employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products. Subsequent measurement The useful lives of all intangible assets are assessed as finite. Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period. Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method prospectively. The amortisation expense on intangible assets with finite lives is recognised in the income statement within administrative expenses. Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the income statement when the asset is derecognised. Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows: Trademarks Software Website costs Marketing tools Courseware Publishing products Consultancy products Customer relationships 10 years 5 years 5–10 years 3 years 10 years 4 years 10 years 12 years Any capitalised internally developed intangible asset that is not yet complete is not amortised but is subject to annual impairment testing. Subsequent expenditures on the maintenance of computer software are expensed as incurred. Customer relationships Acquired customer relationships comprise principally of existing customer relationships which may give rise to future orders (customer relationships). Acquired customer relationships are recognised at fair value at the acquisition date and are expected to have a finite useful life of 12 years in line with the expected cash flows. Acquired customer relationships are stated at cost less accumulated amortisation and impairment. Property, plant and equipment Property, plant and equipment are stated at historical cost less depreciation less any recognised impairment losses. Cost includes expenditure that is directly attributable to the acquisition or construction of these items. Subsequent costs are included in the asset’s carrying amount only when it is probable that future economic benefits associated with the item will flow to the Group and the costs can be measured reliably. All other costs, including repairs and maintenance costs, are charged to the Income Statement in the period in which they are incurred. NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202264 Depreciation is provided on all property, plant and equipment and is calculated as follows: Leasehold improvements Computer equipment Office equipment 10 years straight-line basis or the lease term if shorter 25–33% reducing balance basis 25% reducing balance basis Depreciation is provided on cost less residual value. The residual value, depreciation methods and useful lives are annually reassessed. Each asset’s estimated useful life has been assessed with regard to its own physical life limitations and to possible future variations in those assessments. Estimates of remaining useful lives are made on a regular basis for all machinery and equipment, with annual reassessments for major items. Changes in estimates are accounted for prospectively. Assets held under finance leases are depreciated over their expected useful lives on the same basis as owned assets. However, when there is no reasonable certainty that ownership will be obtained by the end of the lease term, assets are depreciated over the shorter of the lease term and their useful lives. The gain or loss arising on disposal or scrapping of an asset is determined as the difference between the sales proceeds, net of selling costs, and the carrying amount of the asset and is recognised in the Income Statement. Impairment of non-financial assets For the purposes of impairment testing, goodwill is allocated to each of the Group’s CGUs that is expected to benefit from the synergies of the combination. Each unit to which goodwill is allocated represents the lowest level within the Group that independent cash flows are monitored. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. At each balance sheet date, the Directors review the carrying amounts of the Group’s non-current assets, other than goodwill, to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Directors estimate the recoverable amount of the cash-generating unit to which the asset belongs. Recoverable amount is the higher of fair value less costs of disposal and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimated future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. The impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. An impairment loss is recognised as an expense immediately. An impairment loss recognised for goodwill is not reversed in subsequent periods. Where an impairment loss on non-financial assets subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash- generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately. Inventory Inventory is stated at the lower of cost and net realisable value, being the estimated selling price less costs to complete and sell. Cost is based on the cost of purchase on a weighted average basis. At the balance sheet date, inventories are assessed for impairment. If inventories are impaired, the carrying amount is reduced to its selling price less costs to complete and sell. The impairment loss is recognised immediately in profit or loss. Cash at bank Cash at bank comprises cash on hand, deposits held at call with banks and other short-term highly liquid investments with original maturities of three months or less from inception. Financial instruments Recognition and derecognition Financial assets and financial liabilities are measured initially at fair value plus transaction costs. After their initial recognition, financial assets and financial liabilities are measured subsequently as described below. Financial assets and financial liabilities are recognised when the Group becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. When a financial liability and a financial asset relating to the same contract exist these are offset. Classification and initial measurement of financial assets Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable). Financial assets are classified as ’Amortised cost’ financial assets. In the periods presented the Group does not have any financial assets categorised as either FVTPL or FVOCI. The classification is determined by both: • The entity’s business model for managing the financial asset; and • The contractual cash flow characteristics of the financial asset. All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202265 costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses. FINANCIAL ASSETS AT AMORTISED COST Financial assets are measured at amortised cost if the assets meet the following conditions (and are not designated as FVTPL): • • They are held within a business model whose objective is to hold the financial assets and collect its contractual cash flows; and The contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding. SUBSEQUENT MEASUREMENT OF FINANCIAL ASSETS After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial. The Group’s cash and cash equivalents, trade and most other receivables fall into this category of financial instruments. IMPAIRMENT OF FINANCIAL ASSETS IFRS 9’s impairment requirements use forward-looking information to recognise expected credit losses – the expected credit loss (’ECL’) model. Instruments within the scope of these requirements include loans and other debt-type financial assets measured at amortised cost, trade receivables and loan commitments. The Group considers a broader range of information when assessing credit risk and measuring expected credit losses, including past events, current conditions, and reasonable and supportable forecasts that affect the expected collectability of the future cash flows of the instrument. In applying this forward-looking approach, a distinction is made between: • • Financial instruments that have not deteriorated significantly in credit quality since initial recognition or that have low credit risk (‘Stage 1’); and Financial instruments that have deteriorated significantly in credit quality since initial recognition and whose credit risk is not low (‘Stage 2’). Stage 3 would cover financial assets that have objective evidence of impairment at the reporting date. The Group assesses impairment of trade receivables on a collective basis and as they possess shared credit risk characteristics they have been grouped based on the days past due. Refer to note 14 for further details. CLASSIFICATION AND MEASUREMENT OF FINANCIAL LIABILITIES The Group’s financial liabilities include trade and other payables, borrowings and contingent consideration. Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Group designates a financial liability at fair value through profit or loss. Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss. All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income. Borrowings Borrowings, including bank overdrafts, are classified as current liabilities unless the Group has an unconditional right to defer the settlement of the liability for at least 12 months after the balance sheet date. Foreign currency The presentational currency for the Group’s consolidated financial statements is Sterling. Foreign currency transactions by Group companies are recorded in their functional currencies at the exchange rate at the date of the transaction. Monetary assets and liabilities have been translated at rates in effect at the balance sheet date, with any resulting exchange adjustments being charged or credited to the Income Statement, within administrative expenses. On consolidation the assets and liabilities of the subsidiaries with a functional currency other than Sterling are translated into the Group’s presentational currency at the exchange rate at the balance sheet date and the Income Statement items are translated at the average rate for the period. The exchange difference arising on the translation from functional currency to presentational currency of subsidiaries is classified as other comprehensive income and is accumulated within equity as a translation reserve. 12-month expected credit losses are recognised for the first category while ‘lifetime expected credit losses’ are recognised for the second and third category. The balance of the foreign currency translation reserve relating to a subsidiary that is disposed of, or partially disposed of, is recognised in the Income Statement at the time of disposal. Measurement of the expected credit losses is determined by a probability-weighted estimate of credit losses over the expected life of the financial instrument. TRADE AND OTHER RECEIVABLES AND CONTRACT ASSETS The Group makes use of a simplified approach in accounting for trade receivables as well as contract assets and records the loss allowance as the lifetime expected credit losses. These are the expected shortfalls in contractual cash flows, considering the potential for default at any point during the life of the financial instrument. In calculating, the Group uses its historical experience, external indicators and forward- looking information to calculate the expected credit losses using a provision matrix. Current taxation Current taxation for each taxable entity in the Group is based on the local taxable income at the local statutory tax rate enacted or substantively enacted at the balance sheet date and includes adjustments to tax payable or recoverable in respect of previous periods. Deferred taxation Deferred taxation is calculated using the liability method, on temporary differences arising between the tax bases of assets and liabilities and their carrying amounts in the consolidated financial statements. However, if the deferred tax arises from the NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202266 initial recognition of an asset or liability in a transaction other than a business combination that at the time of the transaction affects neither accounting nor taxable profit or loss, it is not accounted for. No deferred tax is recognised on initial recognition of goodwill or on investment in subsidiaries. Deferred tax is determined using tax rates and laws that have been enacted or substantively enacted by the balance sheet date and are expected to apply when the related deferred tax asset is realised or the deferred tax liability is settled. Measurement and recognition of leases as a lessee At lease commencement date, the Group recognises a right- of-use asset and a lease liability on the balance sheet. The right-of use asset is measured at cost, which is made up of the initial measurement of the lease liability, any initial direct costs incurred by the Group, an estimate of any costs to dismantle and remove the asset at the end of the lease, and any lease payments made in advance of the lease commencement date (net of any incentives received). Deferred tax liabilities are provided in full, to the extent they would crystallise after using any available losses, and are not discounted. Deferred tax assets are recognised to the extent that it is probable that future taxable profits will be available against which the temporary differences can be utilised. Changes in deferred tax assets or liabilities are recognised as a component of tax expense in the Income Statement, except where they relate to items that are charged or credited directly to equity, in which case the related deferred tax is also charged or credited directly to equity. Deferred income tax assets and liabilities are offset when there is a legally enforceable right to offset current tax assets against current tax liabilities and when the deferred income tax assets and liabilities relate to income taxes levied by the same taxation authority on either the same taxable entity or different taxable entities where there is an intention to settle the balances on a net basis. Employment benefits Provision is made in the financial statements for all employee benefits. Liabilities for wages and salaries, including non- monetary benefits and annual leave obliged to be settled within 12 months of the balance sheet date, are recognised in accruals. Contributions to defined contribution pension plans are charged to the Income Statement in the period to which the contributions relate. Leases For any new contracts entered into on or after 1 April 2019, the Group considers whether a contract is, or contains, a lease. A lease is defined as ‘a contract, or part of a contract, that conveys the right to use an asset (the underlying asset) for a period of time in exchange for consideration’. To apply this definition the Group assesses whether the contract meets three key evaluations which are whether: • • • the contract contains an identified asset, which is either explicitly identified in the contract or implicitly specified by being identified at the time the asset is made available to the Group; the Group has the right to obtain substantially all of the economic benefits from use of the identified asset throughout the period of use, considering its rights within the defined scope of the contract; or the Group has the right to direct the use of the identified asset throughout the period of use. The Group assesses whether it has the right to direct ‘how and for what purpose’ the asset is used throughout the period of use. The Group depreciates the right-of-use assets on a straight-line basis from the lease commencement date to the earlier of the end of the useful life of the right-of-use asset or the end of the lease term. The Group also assesses the right-of-use asset for impairment when such indicators exist. At the commencement date, the Group measures the lease liability at the present value of the lease payments unpaid at that date, discounted using the interest rate implicit in the lease if that rate is readily available or, if not, the Group’s incremental borrowing rate. Assets and liabilities arising from a lease are initially measured on a present value basis. Lease liabilities include the net present value of the following lease payments: • fi xed payments (including in-substance fixed payments), less any lease incentives receivable; • variable lease payments that are based on an index or a rate; • • • amounts expected to be payable by the lessee under residual value guarantees; the exercise price of a purchase option if the lessee is reasonably certain to exercise that option; and payments of penalties for terminating the lease, if the lease term reflects the lessee exercising that option. Right-of-use assets are measured at cost comprising the following: • • the amount of the initial measurement of lease liability; any lease payments made at or before the commencement date less any lease incentives received; • any initial direct costs; and • restoration costs. Subsequent to initial measurement, the liability will be reduced for payments made and increased for interest. It is remeasured to reflect any reassessment or modification, or if there are changes in fixed payments. When the lease liability is remeasured, the corresponding adjustment is reflected in the right-of-use asset, or profit and loss if the right-of- use asset is already reduced to zero. The Group has elected to account for short-term leases and leases of low-value assets using the practical expedients available under IFRS 16. Instead of recognising a right-of-use asset and lease liability, the payments in relation to these are recognised as an expense in profit or loss on a straight-line basis over the lease term. NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202267 Equity Equity comprises the following: • • • • • • ’Share capital’ represents the nominal value of equity shares issued. ’Share premium’ represents amounts subscribed for share capital, net of issue costs, in excess of nominal value. ’Merger reserve’ represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued in circumstances where the merger relief provisions of the Companies Act 2006 apply. ’Share-based payment reserve’ represents the accumulated value of share-based payments. ’Retained earnings’ represents the accumulated profits and losses attributable to equity shareholders. ’Translation reserve’ represents the exchange differences arising from the translation of the financial statements of subsidiaries into the Group’s presentational currency. Share-based payments Equity-settled share-based payments to employees and Directors are measured at the fair value of the equity instrument. The fair value of the equity-settled transactions with employees and Directors is recognised as an expense over the vesting period. The fair value of the equity instruments is determined at the date of grant, taking into account vesting conditions. The fair value of goods and services received is measured by reference to the fair value of options. The fair values of share options are measured using the Black- Scholes model. The expected life used in the model is adjusted, based on management’s best estimate of the effects of non- transferability, exercise restrictions and behavioural considerations. The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, over the period in which the performance and/or service conditions are fulfilled, ending on the date on which the relevant employees become fully entitled to the award (the ’vesting date’). The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest. The Income Statement charge or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period. No expense is recognised for awards that do not ultimately vest, except for awards where vesting is conditional upon a market condition, which are treated as vesting irrespective of whether or not the market condition is satisfied, provided that all other performance and/or service conditions are satisfied. Where the terms of an equity-settled award are modified, the minimum expense recognised is the expense as if the terms had not been modified. An additional expense is recognised for any modification which increases the total fair value of the share- based payment arrangement, or is otherwise beneficial to the employee as measured at the date of modification. Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award, as described in the previous paragraph. Where an equity-settled award is forfeited, the cumulative charge expensed up to the date of forfeiture is credited to the Income Statement. Segment reporting An operating segment is a component of an entity that engages in business activities from which it may earn revenues and incur expenses (including revenues and expenses related to transactions with other components of the same entity), whose operating results are regularly reviewed by the entity’s Chief Operating Decision Maker to make decisions about resources to be allocated to the segment and assess its performance, and for which discrete financial information is available. The Chief Operating Decision Maker has been identified as the Board of Executive Directors, at which level strategic decisions are made. Details of the Group’s reportable operating segments are provided in note 1. New and amended International Financial Reporting Standards adopted by the Group The following accounting standards, interpretations, improvements and amendments have become applicable for the current period and although the Group has adopted them, they have had no material impact on the Group. These comprise: • Amendments to IFRS 9, IAS 39 and IFRS 7: Interest Rate Benchmark Reform - phase 2. Endorsed accounting standards effective in future periods The Directors considered the impact on the Group of other new and revised accounting standards, interpretations or amendments that are currently endorsed but not yet effective. The Directors do not expect any other standards to have a significant impact on the Group’s results. International Financial Reporting Standards in issue but not yet effective At the date of authorisation of the consolidated financial statements, the IASB and IFRS Interpretations Committee have issued standards, interpretations and amendments which are applicable to the Group, however they have decided not to adopt early. The following amendments are effective for the period beginning 1 April 2022. • • • Onerous contracts cost of fulfilling a contract (Amendments to IAS 37); Property, Plant and Equipment: Proceeds before intended use (Amendments to IAS 16); Annual improvements to IFRS Standards 2018-2020 (Amendments to IFRS 1, IFRS 9, IFRS 16 and IAS S 41); and • References to Conceptual framework (Amendments to IFRS 3). NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202268 The following amendments are effective for the period beginning 1 January 2023. adopted in 2021 and 2022 is that of not recognising any deferred tax asset. Identification of performance obligations in customer contracts The identification of performance obligations in customer contracts requires management to exercise judgement to determine both the nature of the performance obligations and when those obligations are delivered in order to recognise revenue appropriately in the correct amount and in the correct accounting period. Consultancy, Software and Training revenue streams are where this judgement has been made. Going concern The identification by management of the Group to continue as a going concern is a key judgement and has been explained further on page 60. ESTIMATION UNCERTAINTY Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different. The estimates and assumptions that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are discussed below. Estimates and assumptions • Impairment of goodwill estimate of future cash flows and determination of the discount rate (note 10): Estimation is required in determining whether goodwill is impaired or not. The Group tests annually whether goodwill has suffered any impairment. The recoverable amounts of the DQM CGUs have been determined based on value-in- use calculations. The principal assumptions used to determine value-in-use relate to future cash flows and the weighted average cost of capital. Changes in the estimate of the weighted average cost of capital or future cash flows and growth rates over the assessment period could reduce the level of headroom. The key assumptions used for the value-in-use calculations and sensitivity analysis are set out in note 9. • • • Disclosure of Accounting Policies (Amendments to IAS 1 and IFRS practice statement 2); Definition of Accounting Estimates (Amendments to IAS 8); and Deferred Tax related to Assets and Liabilities arising from a single transaction (Amendments to IAS 12). New/revised International Financial Reporting Standards which are not considered likely to have an impact on the Group’s financial statements going forwards have been excluded from the above. Management anticipates that all relevant pronouncements will be adopted in the Group’s accounting policies for the first period beginning after the effective date of the pronouncement. SIGNIFICANT MANAGEMENT JUDGEMENTS IN APPLYING ACCOUNTING POLICIES AND KEY SOURCES OF ESTIMATION UNCERTAINTY The preparation of the consolidated financial statements requires management to make judgements, estimates and assumptions that affect the application of policies and reported amounts of assets and liabilities, income and expenses. These estimates, judgements and assumptions are based on historical experience and other factors that are believed to be reasonable under the circumstances. Actual results may differ from these estimates. The areas which require the most use of management estimation and judgement are set out below. The following are significant management judgements in applying the accounting policies of the Group that have the most significant effect on the financial statements. Internally developed intangible assets Determining whether the recognition requirements for the capitalisation of development costs are met requires judgement. Management considers the criteria set out in IAS 38 in advance of capitalising any project costs. After capitalisation, management monitors whether the recognition requirements continue to be met and whether there are any indicators that capitalised costs may be impaired. Should a different judgement be taken, the amounts capitalised may differ from those presented in note 10, affecting administrative expenses and the results for the year. Judgement is also required as identify is any impairment triggers have arisen in the year which would require estimation of the recoverable amount of an asset. Recognition of deferred tax assets The extent to which deferred tax assets can be recognised is based on an assessment of the probability that future taxable income will be available against which the deductible temporary differences and timing differences on capital allowances can be utilised. In addition, significant judgement is required in assessing the impact of any legal or economic limits or uncertainties in various tax jurisdictions. Judgement is also applied in the recognition of deferred tax assets in respect of losses, based on management’s view of the availability of future profits to offset such losses. The approach NATURE OF OPERATIONS AND GENERAL INFORMATIONCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022NOTES TO THE FINANCIAL STATEMENTS 69 1. Segmental reporting OPERATING SEGMENTS For the purposes of segmental reporting, the Group’s Chief Operating Decision Maker (’CODM’) is considered to be the Board of Executive Directors of the Company. The Board receives information on a consolidated basis. Given the extent and nature of central services provided in support of the Group’s different revenue streams, the Board considers that the Group has only one operating segment. REVENUE BY GEOGRAPHIC DESTINATION Revenue across all operating segments is generated from the UK but includes overseas sales: UK Non-UK 2022 £’000 10,880 3,022 13,902 2021 £’000 9,666 2,094 11,760 2022 Non-UK revenue includes United States of America £1,150,000 (2021: £764,000), Ireland £442,000 (2021: £408,000), Italy £141,000 (2021: £11,000), Rest of Europe £461,000 (2021: £279,000), Australia £121,000 (2021: £84,000) and Rest of the World £707,000 (2021: £548,000). 2022 Non-UK non-current assets includes Ireland £29,000 (2021: £31,000) and Germany £17,000 (2021: £7,000). INFORMATION ABOUT MAJOR CUSTOMERS No customers contributed 10% or more to the Group’s revenue in any period presented. 2. Revenue Revenue is all derived from continuing operations. Notwithstanding that the Group’s revenues are often interdependent, the Group has disaggregated revenue into various categories in the following tables which is intended to depict how the nature, amount, timing and uncertainty of revenue and cash flows are affected by economic date: Consultancy Publishing and Distribution Software Training Total revenue The Group’s revenue is analysed by timing of delivery of goods or services as: Point in time delivery Over time Total revenue The revenue is analysed as follows for each revenue category: Sale of goods Provision of services Other operating Income Total 2022 £’000 8,882 838 1,481 2,701 13,902 2022 £’000 9,336 4,566 13,902 2022 £’000 824 13,078 13,902 240 14,142 2021 £’000 8,106 750 1,147 1,757 11,760 2021 £’000 8,434 3,326 11,760 2021 £’000 740 11,020 11,760 148 11,908 Included in Other Operating Income are grant receipts totalling £5,000 (2021: £85,000) claimed under the Government furlough scheme. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202270 2. Revenue continued CONTRACT LIABILITIES: DEFERRED INCOME At 1 April Amounts included in deferred income that were recognised as revenue in the period from the opening balance Amounts invoiced in the period and not recognised as revenue until later periods At 31 March Deferred income 2022 £’000 1,114 (1,114) 1,847 1,847 2021 £’000 952 (952) 1,114 1,114 The Group recognises deferred income as a contract liability. This balance equates to the value of the remaining performance obligations for revenue recognised over time, given the nature of the Group’s invoicing arrangements with customers. Contract assets and contract liabilities are included within ’trade and other receivables’ and ’trade and other payables’ respectively on the face of the Consolidated Balance Sheet. They arise from the Group’s contracts that cover multiple reporting periods as payments received from customers at each balance sheet date do not necessarily equal the amount of revenue recognised on the contracts. No material contract asset balances arise in the ordinary course of business. 3. Operating profit Operating profit is stated after charging: Cost of sales Wages and salaries Other direct costs including consultancy and training costs, books and manuals Other administration costs Wages and salaries Sales and marketing costs Depreciation of property, plant and equipment Loss of sale of fixed assets Amortisation of intangible fixed assets Auditor’s remuneration: – Fees payable for the audit of the annual accounts Foreign exchanges (gains)/losses Other costs including office administration, legal and professional, IT and website costs 2022 £’000 8,882 4,030 1,668 5,698 5,743 299 234 50 1,367 130 (3) 1,321 9,141 2021 £’000 8,106 4,110 1,504 5,614 5,501 438 350 4 1,107 120 6 1,356 8,882 No non-audit fees were payable to the auditor in respect of services rendered in the current or prior year. Included in other operating income are grant receipts totalling £5,000 (2021: £85,000) under the Coronavirus Job Retention Scheme. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 20224. Employees The aggregate payroll costs of the employees were as follows: Staff costs Wages and salaries Social security costs Pension costs No Directors made any gains on exercise of share options (2021: £26k). The average monthly number of persons employed by the Group during the year was as follows: By activity Administration Sales and distribution Remuneration of Directors is disclosed in the Remuneration Committee Report. Details of key management personnel and their remuneration are disclosed within note 24. 5. Net finance costs Interest on overdrafts Interest on loans Interest on lease liabilities Other interest 71 2021 £’000 8,769 938 207 9,914 2022 £’000 8,660 942 207 9,809 2022 2021 74 90 164 2022 £’000 – 165 69 70 304 68 81 149 2021 £’000 2 159 43 43 247 NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202272 6. Taxation Analysis of credit in the year: Current tax – current period Current tax – adjustment in respect of prior period Deferred tax – current period movement Deferred tax – adjustment in respect of prior period Total tax credit Loss before taxation Loss by rate of tax (2022: 19%; 2021: 19%) Expenses not deductible for tax purposes Deferred tax asset not recognised Deferred tax – current period movement Adjustments to deferred tax in respect of prior period Other adjustments to current tax in respect of prior period Adjustment in respect of prior period: research and development tax credit Total tax credit 2022 £’000 – (4) (40) 38 (6) 2022 £’000 (1,003) (191) 47 142 (40) 38 (2) – (6) 2021 £’000 – (157) (85) (22) (264) 2021 £’000 (2,835) (539) 11 528 (85) (22) 20 (177) (264) The March 2021 Budget announced a further increase to the main rate of corporation tax to 25% from April 2023. This rate was substantively enacted in May 2021. As a result deferred tax balances as at 31 March 2022 are measured at 25%. At the balance sheet date, the Group has the following unused tax losses: Trading losses (UK) Trading losses (Ireland) Trading losses (USA) Non-trading loan relationship debits 2022 £’000 6,249 1,781 483 198 2021 £’000 5,804 1,631 470 164 At the balance sheet date, a deferred tax asset has not been recognised for these amounts on the basis that at the present time the Group has not recorded a recent taxable project. The Group records tax credits for research and development tax credits in the financial statements when the claims have been quantified. No amount has been quantified at the current time in relation to the years ended 31 March 2022 or 31 March 2021. As explained in note 15, as and when credits are claimed and credited to the tax accounts of the Group, the amounts are expected to reduce the Group’s outstanding balances payable to HMRC. A tax credit of £177,000 was claimed in relation to the year ended 31 March 2019 and was recorded in the year ended 31 March 2021. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202273 DEFERRED TAX The following are the major deferred tax liabilities and assets recognised by the Group and movements thereon during the current and prior reporting period. Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so. Fixed asset timing differences £’000 Retirement benefit obligations £’000 Share-based payments £’000 At 1 April 2020 (Credit)/charge to profit or loss Prior year adjustment Foreign exchange Deferred tax (asset)/ liability at 31 March 2021 (Credit)/charge to profit or loss Prior year adjustment Deferred tax at 31 March 2022 Liability Deferred tax at 31 March 2021 Liability 210 (185) (25) – – – – – – (2) (1) 1 – (2) (2) – (4) (2) (1) – – – (1) – 1 – (1) Short-term timing differences £’000 (5) 1 4 – – – – – – Tax losses (Ireland) £’000 Tax losses (UK) £’000 Intangibles £’000 (144) 138 (3) 9 – – – – – (1) – 1 – – – – – – Total £’000 438 (85) (22) 9 340 (40) 38 381 (38) – – 343 (38) 37 342 338 343 340 7. Earnings per share Basic earnings per share is based on the loss after tax for the year and the weighted average number of shares in issue during each year. Loss attributable to equity holders of the Group (£) Weighted average number of shares in issue Basic loss per share (pence) 2022 £’000 (997) 101,510 (0.98) 2021 £’000 (2,571) 99,754 (2.58) Diluted earnings per share is calculated by adjusting the average number of shares in issue during the year to assume conversion of all dilutive potential ordinary shares. Taking the Group’s share options into consideration in respect of the Group’s weighted average number of ordinary shares for the purposes of diluted earnings per share, is as follows: Number of shares Dilutive (potential dilutive) effect of share options 2022 2021 101,510,456 99,754,064 – – Weighted average number of ordinary shares for the purposes of diluted earnings per share 101,510,456 99,754,064 Diluted loss per share (pence) (0.98) (2.58) Due to the losses incurred during the year, a diluted loss per share has not been calculated as this would serve to reduce the basic loss per share. There were 426,760 (2021: 426,760) share options outstanding at the end of the year that could potentially dilute basic earnings per share in the future. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202274 8. Subsidiaries Details of the Group’s subsidiaries are as follows: Name of subsidiary and registered office address Principal activity IT Governance Limited* Vigilant Software Limited* IT Governance Europe Limited 6th Floor, South Bank House, Barrow Street, Dublin 4 IT Governance USA Inc 420 Lexington Avenue, Suite 300, New York, NY 10170, USA IT Governance Publishing Limited* GRCI Law Limited* GRC Elearning Limited* IT Governance Europe Limited* IT Governance Consulting Limited* IT Governance Franchising Limited* IT Governance Sales Limited* IT Governance Software Limited* IT Governance Training Limited* ITG Certifications Limited* ITG Qualifications Limited* ITG Security Testing Limited* ITG Encryption Limited* Information technology governance services Information technology Software development Information technology governance services Information technology governance services Information technology governance publication Information technology governance legal services Information technology governance internet-based training Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Data Quality Management Limited** Data Quality Management Group Limited** Dormant company*** Information technology governance services Data2 Limited** DQM Group Holdings Limited** Dormant company*** Holding company*** * Registered Office: Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA. ** Registered Office: DQM House, Baker Street, High Wycombe, Buckinghamshire HP11 2RX. *** Dormant subsidiaries which have taken advantage of the s394A exemption from preparing individual accounts. Place of incorporation and operation England & Wales % ownership held by the Group 2022 £’000 100% 2021 £’000 100% England & Wales 100% 100% Ireland 100% 100% USA 100% 100% England & Wales 100% 100% England & Wales 100% 100% England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% Vigilant Software Limited, company number 05985888, IT Governance Publishing Limited, company number 06082604, GRCI Law Limited, company number 11311669, GRC Elearning Limited, company number 11247590 and DQM Group Holdings Limited, company number 10852386 which are included in the consolidated financial statements, are entitled to, and have opted to take, exemption from the requirement for their individual financial statements to be audited under section 479a of the Companies Act 2006 relating to subsidiary companies. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 20229. Goodwill Cost and Net book value At 1 April At 31 March 75 2022 £’000 6,804 6,804 2021 £’000 6,804 6,804 Goodwill arising from business combinations has been allocated to the Group’s DQM cash-generating unit (’CGU’). Goodwill is tested at least annually for impairment and whenever there are indications that goodwill might be impaired. For the DQM CGU, the carrying amount of goodwill has been assessed for impairment by comparing the carrying amount of the CGU in which it is included to the recoverable amount based on value in use of the CGU. The value in use calculation for the cash-generating unit uses: estimated future cash flows, for which the key assumptions are forecast revenue over the next five years, based on management’s estimates; the terminal growth rate for revenues beyond that period, which reflects a cautious approach for the purpose of measuring a value in use; and a pre-tax discount rate, which is based on management’s assessment of risk inherent in the estimated future cash flows. The pre-tax cash flows for the forecast period are derived from the most recent financial budget for the year ending 31 March 2023 approved by the Board. The extrapolation for the period 2024 to 2028 is based on management estimates with an assumption of 15% revenue growth. As of 31 March 2022, the value in use of the cash-generating unit was greater by £7,015k than the CGU’s carrying amount. The key assumptions used were the revenue growth assumptions as explained above, the terminal growth rate of 2%, and the pre-tax discount rate of 7.2%. Management’s methodology does not include the use of small company or company specific risk Premia because in the judgement of the directors, the degree of risk attaching to the cash flow assumptions is such that no additional risk premium in the discount rate is considered necessary. The growth in cash flows and the selection of the discount rate are judgements that management has made which may have a bearing on the identification of impairment losses. The changes in key assumptions that would individually give rise to a material impairment loss are as follows: a) The discount rate would have to increase by 4.0%; b) Operating costs would have to rise by 15%, assuming that revenue levels were to grow by 15%; or c) Future revenue increases by 14% less than is modelled in the forecast period (assuming margins remained the same) in order to reduce the headroom to nil, all other variables remaining constant . 10. Intangible assets Cost At 1 April 2020 Additions Foreign exchange movement At 31 March 2021 Additions At 31 March 2022 Accumulated depreciation At 1 April 2020 Charge for year Foreign exchange movement At 31 March 2021 Charge for year At 31 March 2022 Net book value At 31 March 2022 At 31 March 2021 At 1 April 2020 Marketing tools £’000 Publishing products £’000 Consultancy products and courseware £’000 Software and website costs £’000 Trademarks £’000 Customer relationships £’000 63 – – 63 3 66 61 2 – 63 – 63 3 – 2 333 67 – 400 51 451 234 32 – 266 51 317 134 134 99 881 158 (3) 1,036 182 1,218 325 90 (1) 414 112 526 692 622 556 5,234 943 – 6,177 995 7,172 2,274 783 – 3,057 1,003 4,060 3,112 3,120 2,960 466 1,843 – – 466 – 466 54 46 – 100 47 147 319 366 412 – – 1,843 – 1,843 166 154 – 320 153 473 1,370 1,523 1,677 Total £’000 8,820 1,168 (3) 9,985 1,231 11,216 3,114 1,107 (1) 4,220 1,366 5,586 5,630 5,765 5,706 Amortisation is included within administrative expenses. Intangible assets includes capitalised related party costs incurred as further explained in note 24. All intangible assets have been developed internally with the exception of those arising on the business acquisition in 2019. For CGUs requiring impairment testing under IAS 36 Impairment of Assets, the method used to determine recoverable amount is value-in-use. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202276 11. Property, plant and equipment Leasehold improve- ments £’000 Computer equipment £’000 Office equipment £’000 Right-of-use assets – properties £’000 Cost At 1 April 2020 Additions Disposals Foreign exchange movement At 31 March 2021 Additions Additions – lease modifications Disposals At 31 March 2022 Accumulated depreciation At 1 April 2020 Charge for year Disposal Foreign exchange movement At 31 March 2021 Charge for year Disposal Foreign exchange movement At 31 March 2022 Net book value At 31 March 2022 At 31 March 2021 At 31 March 2020 140 21 – (1) 160 12 – (105) 67 50 14 – – 64 15 (55) – 24 43 96 90 739 8 – – 747 33 – (513) 267 551 124 – – 675 61 (512) – 224 43 72 188 Depreciation is included within administrative expenses. 12. Inventories Finished goods for resale Amounts of inventories recognised as an expense during the period as cost of sales Amounts of inventories impaired during the period 91 6 – (1) 96 2 – (34) 64 56 18 – – 74 15 (36) – 53 11 22 35 664 – (97) (2) 565 – 138 (192) 511 194 194 (57) (2) 329 143 (192) 3 283 228 236 470 2022 £’000 – 2022 £’000 36 2022 £’000 35 Total £’000 1,634 35 (97) (4) 1,568 47 138 (844) 909 851 350 (57) (2) 1,142 234 (795) 3 584 325 426 783 2021 £’000 33 2021 £’000 76 2021 £’000 33 NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202213. Trade and other receivables Trade receivables Less: provision for impairment of trade receivables Net trade receivables Other receivables Prepayments 77 2021 £’000 1,186 – 1,186 78 430 1,694 2022 £’000 1,284 (124) 1,160 32 420 1,612 None of the Company’s trade and other receivables are secured by collateral or credit enhancements. The Group applies the IFRS 9 simplified approach to measuring expected credit losses on a collective basis. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and ageing. The Group’s policy for monitoring default risk over receivables is based on the ongoing evaluation of the collectability and ageing analysis of trade and other receivables. Considerable judgement is required in assessing the ultimate realisation of these receivables, including reviewing the potential likelihood of default, the past collection history of each customer and the current economic conditions. The Group uses a third party credit scoring system to assess the creditworthiness of potential new customers before accepting them. Credit limits are defined by customer based on this information. All customer accounts are subject to review on a regular basis by senior management and actions are taken to address debt ageing issues. To determine the level of expected credit loss provision required, historical loss rates are adjusted for current and forward-looking information on macroeconomic factors affecting the Group’s customers. The Group has identified gross domestic product growth rates, employment rates and inflation rates as the key macroeconomic factors in the countries in which the Group operates. The rates applied vary from 10% to 100% depending on the above factors and the age of the debt. The Group has not previously recorded any credit loss provision on the grounds of materiality. The Directors consider that the carrying amount of trade and other receivables approximates to the fair value. Included in the Group’s trade receivable balance as at the year end were customer balances with a carrying amount of £396,000 (2021: £356,000) which are past due at the reporting date for which the Group has not recorded a partial provision, however the Directors still believe the amounts to be recoverable in full. The maturity profile of trade and other receivables is set out in the table below: In one year or less, or on demand The analysis of trade and other receivables by foreign currency is set out in the table below: UK pound US dollar Euro Australian dollar 2022 £’000 1,612 2022 £’000 1,476 83 51 2 1,612 2021 £’000 1,694 2021 £’000 1,581 67 46 – 1,694 The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the loss for the year from foreign exchange rate movements on such financial instruments. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202278 14. Cash and cash equivalents Cash at bank (GBP) Cash at bank (EUR) Cash at bank (USD) Cash at bank (other currencies) All significant cash and cash equivalents were deposited with major clearing banks with at least ‘A’ rating. 15. Trade and other payables Amounts falling due within one year: Trade payables Other taxation and social security Other payables Deferred income Accruals Amounts falling due after one year: Other taxation and social security 2022 £’000 2,014 19 64 2 2,099 2022 £’000 1,018 2,273 436 1,847 361 5,935 2022 £’000 73 73 2021 £’000 155 33 45 – 233 2021 £’000 1,223 2,737 451 1,114 461 5,986 2021 £’000 – – Amounts falling due after one year relate to the non current element of the other tax and social security arrangements agreed with HMRC on the basis of time to pay arrangements (see Note 18). The balance payable will reduce as cash payments are made and is also expected to reduce as R&D tax credits are claimed from HMRC as and when quantified in respect of year ended 31 March 2020, 31 March 2021 and 31 March 2022 respectively. 16. Borrowings Secured Other loans (i) Total secured borrowings Unsecured Bank loans Other loans Loans from related parties* Total unsecured borrowings Total borrowings * Further information relating to loans from related parties is set out in note 25. Current £’000 2022 Non-current £’000 Total £’000 Current £’000 2021 Non-current £’000 205 205 40 91 386 517 722 – – 193 136 – 329 329 205 205 233 227 386 846 1,051 266 266 63 166 368 597 863 – – 234 226 – 460 460 Total £’000 266 266 297 392 368 1,057 1,323 NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202279 16. Borrowings continued (I) SECURED LIABILITIES AND ASSETS PLEDGED AS SECURITY Of the loans, £82,000 (2021: £260,000) is secured against receipts from sales. The remaining secured loans are secured against assets of the business. Secured loans Unsecured loans Loans from related parties Total Secured loans Unsecured loans Loans from related parties Total As at 1 April 2021 £’000 266 689 368 1,323 Cash proceeds from borrowings £’000 546 – – 546 Repayments of capital £’000 Repayments of interest £’000 Interest accruing £’000 (607) (229) – (836) (87) (60) – (147) 87 60 18 165 As at 1 April 2020 £’000 528 591 728 1,847 Cash proceeds from borrowings £’000 Repayments of capital £’000 Repayments of interest £’000 Interest accruing £’000 Foreign exchange £’000 392 318 – 710 (654) (217) (378) (1,249) (71) (70) – (141) 71 70 18 159 – (3) – (3) As at 31 March 2022 £’000 205 460 386 1,051 As at 31 March 2022 £’000 266 689 368 1,323 The Group has a number of loans in the period presented, and they are summarised as follows: Bank Lloyds Bank – CBILS Loan Unsecured 72 months October 2026 2.45% Security pledged Term Expiry/maturity date Effective interest rate Other Wesleyan Portman Asset Finance Bute Capital You Lend LDF Finance No. 3 Ltd Paypal Uncapped Finance Ltd Loans from related parties Parent company guarantee Director’s Guarantee Secured against assets of business Secured against receipts from sales Director’s Guarantee Secured against receipts from sales Unsecured 60 months September 2024 14.32% 36 months 14-16 months August 2023 July 2022 10.16% 6.65% -10.36% 12 months July 2022 36 months 12 months August 2022 June 2022 16.29% 10.16% 4.26% -10.49% 12 months July 2022 15.00% Unsecured loan facility provided by Andrew Brode Unsecured December 2023 5% above the Bank of England base rate Available to the Group until at least 31 December 2023 and will automatically renew for a further 12 months unless terminated by either party In addition, the Group has access to an invoicing discounting facility. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202280 17. Financial instruments – risk management The Group is exposed through its operations to the following financial risks: – Credit risk – Interest rate risk – Foreign exchange risk – Other market price risk – Liquidity risk. In common with all other businesses, the Group is also exposed to risks that arise directly from its use of financial instruments. This note describes the Group’s objectives, policies and processes for managing those risks and the methods used to measure them. Further quantitative information in respect of these risks is presented throughout these financial statements. I. PRINCIPAL FINANCIAL INSTRUMENTS The principal financial instruments used by the Group, from which financial instrument risk arises, are as follows: – Trade receivables – Cash and cash equivalents – Trade and other payables – Bank overdrafts – Floating rate bank loans – Fixed rate bank loans – Other loans Lease liabilities are secured as the rights to the leased assets recognised in the financial statements revert to the lessor in the event of default. II. FINANCIAL INSTRUMENTS BY CATEGORY Financial assets Cash and cash equivalents Trade and other receivables Total financial assets Amortised cost 2022 £’000 2,099 1,160 3,259 All of the above financial assets’ carrying values are approximate to their fair values, as at each reporting date disclosed. Financial liabilities Trade and other payables Borrowings Lease payables Total financial liabilities Amortised cost 2022 £’000 1,454 1,051 262 2,767 2021 £’000 233 1,186 1,419 2021 £’000 1,758 1,322 280 3,340 All of the above financial liabilities’ carrying values are considered by management to be approximate to their fair values, as at each reporting date disclosed. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202281 17. Financial instruments – risk management continued III. FINANCIAL INSTRUMENTS MEASURED AT FAIR VALUE Classification of financial instruments The fair value hierarchy groups financial assets and liabilities into three levels based on the significance of inputs used in measuring the fair value of the financial assets and liabilities. The fair value hierarchy has the following levels: – Level 1: quoted prices (unadjusted) in active markets for identical assets or liabilities; – Level 2: inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices); and – Level 3: inputs for the asset or liability that are not based on observable market data (unobservable inputs). The level within which the financial asset or liability is classified is determined based on the lowest level of significant input to the fair value measurement. The Group did not hold any level 1 or 2 financial instruments in any of the periods presented. 18. Financial instrument risk exposure and management GENERAL OBJECTIVES, POLICIES AND PROCESSES The Board has overall responsibility for the determination of the Group’s risk management objectives and policies and, whilst retaining ultimate responsibility for them, it has delegated the authority for designing and operating processes that ensure that effective implementation of the objectives and policies to the Group’s finance function. The Board receives monthly reports from the Group Finance Director through which it reviews the effectiveness of the processes put in place and the appropriateness of the objectives and policies it sets. The Group’s internal auditors also review the risk management policies and processes and report their findings to the Audit Committee. The overall objective of the Board is to set policies that seek to reduce risk as far as possible without unduly affecting the Group’s competitiveness and flexibility. Further details regarding these policies are set out below: CREDIT RISK The Group’s credit risk is primarily attributable to its trade receivables, which are presented in note 13. In respect of trade and other receivables, the Group is not exposed to any significant credit risk exposure to any single counterparty; its counterparties have similar characteristics being small to medium sized UK businesses as well as a number of blue-chip organisations. Trade receivables consist of a large number of customers in various industries and geographical areas. Based on historical information about customer default rates management considers the credit quality of trade receivables that are not past due or impaired to be good. The credit risk on liquid funds is limited because the third parties are large international banks with a credit rating of at least A. The Group’s total credit risk amounts to the total of the sum of the receivables and cash and cash equivalents. At the 2022 year end, this amounts to £3,259k (2021: £1,419k; 2020: £1,773k). INTEREST RATE RISK The Group has secured and unsecured debt consisting of related party/bank and other loans. The interest on most of the loans is fixed, and therefore interest rate risk is considered to be limited. Interest rate risk arising from borrowing at variable rates is not hedged. FOREIGN EXCHANGE RISK Most of the Group’s transactions are carried out in GBP. Exposures to foreign currency exchange rates arise from the Group’s overseas sales and purchases, which are denominated in a number of currencies, primarily USD, EUR and AUD. Cash balances held in these currencies are relatively immaterial (see note 14) and transactional risk is considered manageable due to the values involved. The Group does not hold material non-GBP balances and currently does not consider it necessary to take any action to mitigate foreign exchange risk due to the immateriality of that risk. LIQUIDITY RISK Liquidity risk represents the risk that the Group will not be able to meet its financial obligations as they fall due. The Group’s approach to managing this risk is to ensure, as far as possible, that it will always have sufficient liquidity to meet its liabilities when due, under both normal and stressed conditions, without incurring unacceptable losses or risking damage to the Group’s reputation. Prudent liquidity risk management includes maintaining sufficient cash balances to ensure the Group can meet liabilities as they fall due, and ensuring adequate working capital using invoice financing arrangements. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202282 18. Financial instrument risk exposure and management continued Further details are provided on page 60 in the Going Concern section. The table below shows the undiscounted cash flows on the Group’s financial liabilities as at 31 March 2022 and 2021, on the basis of their earliest possible contractual maturity. At 31 March 2022 Trade payables Accruals Lease liabilities Other tax and social security Related party loans Bank and other loans At 31 March 2021 Trade payables Accruals Lease liabilities Other tax and social security Related party loans Bank and other loans Total £’000 1,018 361 262 2,346 386 665 5,038 Total £’000 1,223 461 280 2,737 368 955 6,024 On demand £’000 790 – – – 386 – 1,176 On demand £’000 1,122 – – – 368 – 1,490 Within 2 months £’000 Within 2-6 months £’000 6-12 months £’000 1-2 years £’000 Greater than 2 years £’000 228 – – 1,004 – 58 – 361 62 611 – 116 1,290 1,150 – – 55 658 – 162 875 – – 94 73 – 129 296 – – 51 – – 200 251 Within 2 months £’000 Within 2-6 months £’000 6-12 months £’000 1-2 years £’000 Greater than 2 years £’000 101 – – 359 – 97 557 – 461 98 1,053 – 193 1,805 – – 99 1,325 – 205 1,629 – – 72 – – 134 206 – – 11 – – 326 337 19. Capital management The Group’s capital management objectives are: – to ensure the Group’s ability to continue as a going concern; and – to provide long-term returns to shareholders. The Group defines and monitors capital on the basis of the carrying amount of equity plus its outstanding loans, less cash and cash equivalents as presented on the face of the balance sheet as follows: Equity Borrowings (note 16) Less: cash and cash equivalents (note 14) 2022 £’000 8,701 1,051 (2,099) 7,653 2021 £’000 6,906 1,323 (233) 7,996 The Board of Directors monitors the level of capital as compared to the Group’s commitments and adjusts the level of capital as is determined to be necessary by issuing new shares or adjusting the level of debt. The Group is not subject to any externally imposed capital requirements. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202220. Leasing arrangements The following table outlines the maturity analysis of the lease liabilities: Contractual discounted cash flows Less than one year Two to five years Lease liabilities at 31 March Lease liabilities Lease liabilities 2022 £’000 117 145 262 1 April 2021 £’000 (280) 1 April 2020 £’000 (487) Net cash flow £’000 Increase of liability £’000 Currency and non-cash movements £’000 154 (137) 1 Net cash flow £’000 168 Increase of liability £’000 Currency and non-cash movements £’000 35 4 The following amounts have been included in the Income Statement: Interest expense on lease liabilities (note 5) Operating costs relating to short-term leases and low-value assets Amounts recognised in the Income Statement 2022 £’000 (69) – (69) 83 2021 £’000 197 83 280 31 March 2022 £’000 (262) 31 March 2021 £’000 (280) 2021 £’000 (43) – (43) The Group has elected not to recognise right-of-use assets and lease liabilities for short-term leases (i.e. lease term less than 12 months) or low-value assets (i.e. under £5,000). The Group will continue to expense the lease payments associated with these leases on a straight-line basis over the lease term. At 1 April 2021, this was less than £1,000. The borrowing rate used on the lease liabilities is 10%. Variable lease payments that depend on an index or a rate are also less than £5,000. The Group sublet office space to Xanthos as outlined in note 24. This has now ceased. 21. Retirement benefit plans Benefits from the contributory pension schemes to which the Group contributes are related to the cash value of the funds at retirement dates. The Group is under no obligation to provide any minimum level of benefits. The assets of the schemes are administered by trustees in funds independent of the Group. During the year £207,000 was recognised in the Income Statement in relation to pension contributions (2021: £207,000). As at 31 March 2022, £nil is payable to pension schemes (2021: £nil). NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022 84 22. Share capital AUTHORISED SHARE CAPITAL The authorised share capital comprises 107,826,246 (2021: 99,931,509) ordinary shares of £0.001 each. 1 April 2020 99,577,589 ordinary shares of £0.001 Issued 353,920 ordinary shares of £0.001 31 March and 1 April 2021 99,931,509 ordinary shares of £0.001 Issued 7,894,737 ordinary shares of £0.001 31 March 2022 107,826,246 ordinary shares of £0.001 £’000 100 – 100 8 (233) 108 On 17 January 2022, 7,894,737 ordinary shares with a nominal value of 0.1p were issued at 0.38p per share as the result of a subscription and placing. 23. Share premium 1 April 2020 62,462,940 ordinary shares of £0.001 Issued 353,920 ordinary shares of £0.13 31 March and 1 April 2021 Issued 7,894,737 ordinary shares of £0.38 Cost of shares issued 31 March 2022 £’000 13,182 45 13,227 100 2,992 (207) 16,012 Consideration received in excess of the nominal value of the 7,894,737 shares issued on 17 January 2022 as a result of the subscription and placing has been included in share premium, less registration fees and commission of £207,000. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202285 24. Share-based payments The Group operates a share option scheme to which the employees of the Group may be invited to participate by the Remuneration Committee. If the options remain unexercised after a period of ten years from the date of grant, the options expire. Options are forfeited if the employee leaves the Group before the options vest. The options were granted on 12 February 2018. Details of the number of share options and the weighted average exercise price (’WAEP’) outstanding during the year are as follows: 2022 Outstanding at the beginning of the year – vested and exercisable Exercised Outstanding at the year end Number vested and exercisable at 31 March 2022 2021 Outstanding at the beginning of the year – vested and exercisable Exercised Outstanding at the year end Number vested and exercisable at 31 March 2021 Number of options 426,760 426,760 426,760 Number of options 780,680 (353,920) 426,760 426,760 WAEP £ 1.64 1.64 1.64 WAEP £ 0.27 0.13 1.64 1.64 As all options had vested prior to 31st March 2021, there is no share option expense recorded in the year ended 31 March 2022 or 31 March 2021. 25. Related party transactions Key management personnel are identified as the Directors, including non-statutory directors, and their remuneration is disclosed as follows: Remuneration of key management Remuneration Social security costs Pension contributions to defined contributions scheme Other related party borrowings transactions are as follows: Principal At 1 April 2020 Loans repaid At 31 March 2021 Loans repaid At 31 March 2022 Interest At 1 April 2020 Interest accrued Interest paid At 31 March 2021 Interest accrued Interest paid At 31 March 2022 2022 £’000 396 50 1 447 2021 £’000 641 76 40 757 Andrew Brode £’000 700 (350) 350 – 350 28 18 (28) 18 18 – 36 NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022 86 25. Related party transactions continued Alan Calder and his wife are the trustees of the IT Governance Pension Fund. Other related party transactions are as follows: In prior years Xanthos Limited was considered a related party entity as Alan Calder is a co-owner of that company with his spouse (who runs the business). The business was sold on the 30th September 2021 and from that date ceased to be a related party. Xanthos sub-leased office space from the Group, which is included within other income. During the period to 30 September 2021 this totalled £11k (2021: £16k). Transactions were carried out on an arm’s length basis. The Group also made purchases from Xanthos. During the period to 30 September 2021, the Group made purchases totalling £264k from Xanthos (2021: £523k) of which £240k (2021: £420k) was capitalised. 26. Ultimate controlling party In the opinion of the Directors, there is no one individual who exercises control over the Group. NOTES TO THE FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022COMPANY BALANCE SHEET FOR THE PERIOD ENDED 31 MARCH 2022 Assets Non-current assets Intangible assets Property, plant and equipment Investments in subsidiaries Deferred tax asset Current assets Cash at bank Other receivables Current liabilities Trade and other payables Borrowings Net current assets Net assets Equity Share capital Share premium Merger reserve Share-based payment reserve Retained earnings Shareholders’ funds 87 2021 £’000 607 – 10,817 2 11,426 – 6,629 6,629 (1,177) (396) (1,573) 5,056 16,482 100 14,553 4,276 126 (2,573) 16,482 Notes 3 4 5 6 7 8 9 10 2022 £’000 798 1 10,817 2 11,618 1 8,490 8,491 (834) (386) (1,220) 7,271 18,889 108 17,338 4,276 126 (2,959) 18,889 As permitted by Section 408 of the Companies Act 2006, a separate income statement for the Company has not been presented. The Company’s loss for the period ended 31 March 2022 was £389,000 (2021 profit: £58,000). Additionally, no cash flow statement is presented as permitted by FRS.101.8(L). The accompanying notes form part of the financial statements. The financial statements were approved by the Board of Directors and authorised for issue on 30 August 2022 and were signed on its behalf by: Chris Hartshorne Director Company registration number: 11036180 FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202288 COMPANY STATEMENT OF CHANGES IN EQUITY FOR THE PERIOD ENDED 31 MARCH 2022 At 1 April 2021 100 14,553 4,276 126 (2,573) 16,482 Share capital £ Share premium £ Merger reserve £ Share-based payment reserve £ Retained earnings £ Total £ Loss for the period and total comprehensive income Transactions with owners Shares issued Cost of share issue At 31 March 2022 – 8 – 8 108 – 2,992 (207) 2,785 17,338 – – – – – – – – (386) (386) – – – 3,000 (207) 2,793 18,889 4,276 126 (2,959) At 1 April 2020 Profit for the period and total comprehensive loss Transactions with owners – shares issued At 31 March 2021 Share capital £ Share premium £ Merger reserve £ Share-based payment reserve £ Retained earnings £ Total £ 100 14,508 4,276 – – – 45 – – 100 14,553 4,276 171 – (45) 126 (2,676) 16,379 58 45 58 45 (2,573) 16,482 FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022 NOTES TO THE COMPANY FINANCIAL STATEMENTS 89 1. Principal accounting policies The principal accounting policies are summarised below. They have all been applied consistently throughout the period. GENERAL INFORMATION GRC International Group plc (the ‘Company‘) is a company incorporated in the United Kingdom under the Companies Act 2006. The address of the Registered Office is given on page 74 of this Annual Report and Accounts. The Company is a holding company that manages the other trading subsidiaries of the GRC International Group. BASIS OF PREPARATION The financial statements have been prepared in accordance with Financial Reporting Standard 100 Application of Financial Reporting Requirements (‘FRS 100‘) and Financial Reporting Standard 101 Reduced Disclosure Framework (‘FRS 101‘) and the Companies Act 2006 (the ‘Act‘). The Company is a qualifying entity for the purposes of FRS 101. The financial statements have been prepared on a historical cost basis. As permitted by FRS 101, no share-based payment disclosures have been included in these financial statements. Details of the share option scheme can be found in note 25 of the Group financial statements. The Company has taken advantage of the following disclosure exemptions under FRS 101: • The requirement in paragraph 38 of IAS 1 ‘Presentation of Financial Statements’ to present comparative information in respect of: • paragraph 79(a)(iv) of IAS 1; • paragraph 73(e) of IAS 16 ‘Property, Plant and Equipment‘; • paragraph 118(e) of IAS 38 ‘Intangible Assets‘; • • • IFRS 2, ‘Share-based Payment’; IFRS 7, ‘Financial Instruments: Disclosures‘; The requirements of paragraphs 10(d), 10(f), 16, 38A, 38B, 38C, 38D, 40A, 40B, 40C, 40D, 111 and 134-136 of IAS 1 ‘Presentation of Financial Statements‘; • The requirements of IAS 7 ‘Statement of Cash Flows‘; • The requirements of paragraphs 30 and 31 of IAS 8 ‘Accounting Policies, Changes in Accounting Estimates and Errors‘; • The requirements of paragraph 17 and 18A of IAS 24 ‘Related Party Disclosures‘; • • The requirements in IAS 24 ‘Related Party Disclosures‘ to disclose related party transactions entered into between two or more members of a group, provided that any subsidiary which is a party to the transaction is wholly owned by such a member; and The requirements of the second sentence of paragraph 110 and paragraphs 113(a), 114, 115, 118, 119(a) to (c), 120 to 127 and 129 of IFRS 15 ‘Revenue from Contracts with Customers‘. GOING CONCERN The financial statements do not include the adjustments that would be required should the going concern basis of preparation no longer be appropriate. INVESTMENTS Investments in subsidiaries and associates are measured at cost less impairment. For investments in subsidiaries acquired as part of a Group reorganisation for consideration, including the issue of shares qualifying for merger relief, cost is measured by reference to the nominal value of the shares issued plus fair value of other consideration. Any premium is ignored. For other acquisitions, investments in subsidiaries and associates are measured at fair value at the transaction date. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202290 1. Principal accounting policies continued INTANGIBLE ASSETS Internally developed intangible assets Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements: • • • • • the development costs can be measured reliably; the project is technically and commercially feasible; the Group intends to and has sufficient resources to complete the project; the Group has the ability to use or sell the software; and the software will probably generate future economic benefits. Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include an apportionment of employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products. Subsequent measurement The useful lives of all intangible assets are assessed as finite. Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period. Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method prospectively. The amortisation expense on intangible assets with finite lives is recognised in the income statement as administrative expenses. Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the income statement when the asset is derecognised. Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows: Software Website costs Courseware Consultancy products 5 years 5–10 years 10 years 10 years FINANCIAL INSTRUMENTS Recognition and derecognition Financial assets and financial liabilities are recognised when the Company becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. Classification and initial measurement of financial assets Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable). Financial assets are classified into the following categories: • amortised cost; • • fair value through profit or loss (‘FVTPL‘); or fair value through other comprehensive income (‘FVOCI‘). NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202291 1. Principal accounting policies continued In the period presented the Company does not have any financial assets categorised as FVOCI or FVTPL. The classification is determined by both: • • the entity’s business model for managing the financial asset; and the contractual cash flow characteristics of the financial asset. All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses. SUBSEQUENT MEASUREMENT OF FINANCIAL ASSETS Financial assets at amortised cost Financial assets are measured at amortised cost if the assets meet the following conditions: • • they are held within a business model whose objective is to hold the financial assets and collect its contractual cash flows; and the contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding. After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial. The Company’s cash and cash equivalents and most other receivables fall into this category of financial instruments. CLASSIFICATION AND MEASUREMENT OF FINANCIAL LIABILITIES The Company’s financial liabilities include trade and other payables and contingent consideration. Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Company designated a financial liability at fair value through profit or loss. Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for derivatives and financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss. All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income. IMPAIRMENT OF ASSETS At each balance sheet date, the Directors review the carrying amounts of the Company’s non-current assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Company estimates the recoverable amount of the cash-generating unit to which the asset belongs. Recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimates of future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. If the recoverable amount of a cash-generating unit is less than its carrying amount, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. An impairment loss is recognised as an expense immediately. Where an impairment loss subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately. TAXATION Current tax, including UK corporation tax and foreign tax, is provided at amounts expected to be paid (or recovered) using the tax rates and laws that have been enacted or substantively enacted by the balance sheet date. Deferred tax is recognised in respect of all timing differences that have originated but not reversed at the balance sheet date where transactions or events that result in an obligation to pay more tax in the future or a right to pay less tax in the future have occurred at the balance sheet date. NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202292 1. Principal accounting policies continued Timing differences are differences between the Company’s taxable profits and its results as stated in the financial statements that arise from the inclusion of gains and losses in tax assessments in periods different from those in which they are recognised in the financial statements. Unrelieved tax losses and other deferred tax assets are recognised only to the extent that, on the basis of all available evidence, it can be regarded as more likely than not that there will be suitable taxable profits from which the future reversal of the underlying timing differences can be deducted. FOREIGN CURRENCY The functional currency of GRC International Group plc is considered to be UK Sterling because that is the currency of the primary economic environment in which the Company operates. Transactions in foreign currencies are recorded at the rate of exchange at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies at the balance sheet date are reported at the rates of exchange prevailing at that date. Exchange differences are recognised in profit or loss in the period in which they arise. SHARE-BASED PAYMENTS The Company grants to its employees rights to its equity instruments of GRC International Group plc. The fair value of awards granted is recognised as an employee expense with a corresponding increase in equity. The fair value is measured at grant date and spread over the period during which the employees become unconditionally entitled to receive the awards. The fair value of the awards granted is measured using a pricing model, taking into account the terms and conditions upon which the awards were granted. The amount recognised as an expense is adjusted to reflect the actual value of share awards that vest except where forfeiture is only due to share prices not achieving the threshold for vesting. Where the Company grants awards over its own shares to the employees of its subsidiaries, it recognises an increase in the cost of investment in its subsidiaries equivalent to the equity-settled share-based payment charge recognised in its subsidiaries’ financial statements with the corresponding credit being recognised directly in equity. EQUITY Equity comprises the following: • • • • • ‘Share capital‘ represents the nominal value of equity shares issued; ‘Share premium‘ represents amounts subscribed for share capital, net of issue costs, in excess of nominal value; ‘Merger reserve‘ represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued; ‘Share-based payment reserve‘ represents the accumulated value of share-based payments; and ‘Retained earnings‘ represents the accumulated profits and losses attributable to equity shareholders. DIVIDENDS Dividends are recognised in the period in which they are approved by the Company’s shareholders, or in the case of an interim dividend, when the dividend is paid. Dividends receivable from subsidiaries are recognised when either received in cash or applied to reduce a creditor balance with a subsidiary. ESTIMATION UNCERTAINTY Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different. The Company makes certain estimates and assumptions regarding the future. Estimates and judgements are continually evaluated based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. In the future, actual experience may differ from these estimates and assumptions. The estimates and assumptions that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are discussed below. Estimates and assumptions • Level of expected credit loss provision to hold or not hold (note 6). Estimation is required in determining the extent of credit losses that may be incurred in the future. The estimate is reviewed for circumstances present at each reporting date and the level of provision adjusted accordingly. • Impairment of investments (note 4). Estimation is required in determining whether investments are impaired or not. The Company tests whether investments have suffered any impairment when indicators of impairment are identified. The recoverable amount of the Company’s investments have been determined based on value in use calculations which incorporate elements of judgement and estimation in relation to projected future cash flows and the discount rate applied. NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 20222. Employees Staff costs Wages and salaries Social security costs Pension costs The average monthly number of persons employed by the Company during the year was as follows: By activity Administration Sales and distribution Remuneration of Directors is disclosed in the Remuneration Committee Report. 3. Intangible assets 2022 £’000 2,493 333 50 2,876 2022 £’000 42 12 54 Consultancy products and courseware £’000 Software and website costs £’000 75 105 180 99 279 8 7 15 18 33 246 165 429 124 553 187 740 44 67 111 77 188 552 442 Cost At 1 April 2020 Additions At 31 March 2021 Additions At 31 March 2022 Accumulated depreciation At 1 April 2020 Charge for year At 31 March 2021 Charge for year At 31 March 2022 Net book value At 31 March 2022 At 31 March 2021 4. Investments in subsidiaries COST AND NET BOOK AMOUNT At 31 March 2021 and 31 March 2022 93 2021 £’000 2,796 297 85 3,178 2021 £’000 17 34 51 Total £’000 504 229 733 286 1,019 52 74 126 95 221 798 607 Investments in subsidiaries £’000 10,817 The carrying value of investments in subsidiaries relates to the Company’s directly held investments in IT Governance Limited and DQM Data Quality Group Holdings Limited. Further information about subsidiaries is provided in note 8 of the consolidated financial statements. NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 202294 5. Deferred tax Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so. The deferred tax asset is recognised to the extent that it is probable that future taxable profits will be available against which the asset can be utilised by way of parent company management services charges. Deferred tax asset at 1 April 2020 and 1 April 2021 Deferred tax asset at 31 March 2021 and 31 March 2022 6. Other receivables Amount owed by subsidiary undertakings Provision for expected credit loss Other receivables Prepayments Share-based payments £’000 2 2 2021 £’000 7,712 (1,196) 6,516 45 68 6,629 2022 £’000 9,956 (1,541) 8,415 – 75 8,490 The movement from changes in amounts owed to the Company from its subsidiary undertakings and has been debited to the Income Statement. The provision is calculated based on a percentage of the balances outstanding at the period end according to the Directors’ estimate of the level of credit loss that may arise. 7. Trade and other payables Trade payables Other tax and social security Accruals Other payables 8. Borrowings Unsecured Loans from related parties Total unsecured borrowings Total borrowings 2022 £’000 161 381 182 110 834 2021 £’000 235 614 197 131 1,177 2022 2021 Current £’000 Non-current £’000 Total £’000 Current £’000 Non-current £’000 Total £’000 386 386 386 – – – 386 386 386 396 396 396 – – – 396 396 396 Further information relating to loans from related parties is set out in note 26 in the Group’s financial statements. Amount advanced £’000 Security pledged Term Unsecured loan facility provided by Andrew Brode 700 Unsecured Available to the Group until at least 31 December 2023 and will automatically renew for a further 12 months unless terminated by either party Effective interest rate 5.0% above the Bank of England base rate NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 20229. Share capital Ordinary shares of £0.001 each 2022 Number 107,826,246 £’000 108 2021 Number 99,931,509 Authorised share capital The authorised share capital comprises 107,826,246 (2021: 99,931,509) ordinary shares of £0.001 each. 1 April 2021 99,931,509 ordinary shares of £0.001 7,894,737 ordinary shares of £0.001 31 March 2022 107,826,246 ordinary shares of £0.001 10. Share premium 1 April 2020 353,920 ordinary shares of £0.13 31 March and 1 April 2021 7,894,737 ordinary shares of £0.38 Cost of shares issued 31 March 2022 95 £’000 100 £’000 100 8 108 £’000 14,508 45 14,553 2,992 (207) 17,338 Consideration received in excess of the nominal value of the7,894,737 shares issued on 17 January 2022 as a result of the subscription and placing has been included in share premium, less registration and commission of £207,000. NOTES TO THE COMPANY FINANCIAL STATEMENTSCONTINUEDFINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2022CONTENTS Strategic Report 1-29 Highlights At a Glance Chairman’s Statement Chief Executive Officer’s Review Market Overview Business Model Our Strategy Our Strategy in Action Financial Review Risk Management Key Performance Indicators Stakeholder Engagement 1 2 4 8 12 14 16 18 20 24 26 28 Corporate Governance 31-47 Governance Report Application of the QCA Code Board of Directors Audit Committee Report Remuneration Committee Report Directors’ Report Statement of Directors’ Responsibilities 32 34 38 40 43 46 47 Financial Statements 49-95 Independent Auditor’s Report Consolidated Income Statement Consolidated Statement of Comprehensive Income Consolidated Balance Sheet Consolidated Statement of Changes in Equity 50 56 56 57 58 Consolidated Statement of Cash Flows 59 Nature of Operations and General Information Notes to the Financial Statements Company Balance Sheet 60 69 87 Company Statement of Changes in Equity 88 Notes to the Company Financial Statements 89 We are a global cyber security and technology Group with an integrated and diverse range of products and services which deliver comprehensive and multi-tiered Cyber Defence-in- Depth strategies for our clients. Our off-the-shelf and tailored solutions help organisations seamlessly manage the increasingly complex cyber and privacy compliance all organisations face today. From ISO 27001, PCI DSS and Penetration Testing to Cyber Security as a Service and DPO as a Service to Privacy by Design and Data Water marking, our specialist services and professional expertise give clients, both large and small, peace of mind. As a Group, we believe we have the most comprehensive and integrated global portfolio of cyber and privacy solutions. Our combined expertise makes us the business world’s go-to resource for robustly managing cyber threats alongside meeting global privacy requirements. 263613 GRC Annual Report 2022 Cover with spine.indd 5-6 263613 GRC Annual Report 2022 Cover with spine.indd 5-6 31/08/2022 11:54 31/08/2022 11:54 Designed and printed by Perivan GRC International Group plc Unit 3, Clive Court Bartholomew’s Walk Cambridgeshire Business Park Ely CB7 4EA T: 0330 999 0222 www.grci.group Our expertise, your peace of mind Annual Report & Accounts 2022 G R C I n t e r n a t i o n a l G r o u p A n n u a l R e p o r t & A c c o u n t s 2 0 2 2 We believe we are a global leader in integrated cyber and privacy compliance solutions 263613 GRC Annual Report 2022 Cover with spine.indd 2-3 263613 GRC Annual Report 2022 Cover with spine.indd 2-3 31/08/2022 11:54 31/08/2022 11:54
Continue reading text version or see original annual report in PDF format above