Gorman-Rupp Co.
Annual Report 2023

Plain-text annual report

GRC International Group plc
Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely CB7 4EA
T: 0330 999 0222
www.grci.group

Our expertise, your peace of mind

Annual Report & Accounts 2023

A global provider for integrated cyber and privacy compliance platforms and solutions that help organisations implement their cyber defence in depth strategies

CONTENTS

Strategic Report
• Highlights
• At a Glance
• Chairman’s Statement
• Chief Executive Officer’s Review
• Market Overview
• Strategic Approach
• Business Model
• Operational Model
• Financial Review
• Risk Management
• Key Performance Indicators
• Stakeholder Engagement

Corporate Governance
• Governance Report
• Application of the QCA Code
• Board of Directors
• Audit Committee Report
• Remuneration Committee Report
• Directors’ Report
• Statement of Directors’ Responsibilities

Financial Statements
• Independent Auditor’s Report
• Consolidated Income Statement
• Consolidated Statement of Comprehensive Income
• Consolidated Balance Sheet
• Consolidated Statement of Changes in Equity
• Consolidated Statement of Cash Flows
• Nature of Operations and General Information
• Notes to the Financial Statements
• Company Balance Sheet
• Company Statement of Changes in Equity
• Notes to the Company Financial Statements

STRATEGIC REPORT

We are a global cyber security and technology Group with an integrated and diverse range of platforms, products and services which deliver comprehensive and multi-tiered Cyber Resilience and Defence-in-Depth strategies for our clients. Our off-the-shelf and tailored solutions help organisations seamlessly manage the increasingly complex cyber and privacy compliance demands all organisations face today.
From ISO 27001, PCI DSS and Penetration Testing to Cloud security and DPO as a Service to Privacy by Design and Data Watermarking, our specialist platforms, services and professional expertise give clients, both large and small, peace of mind. As a Group, we believe we have the most comprehensive and integrated global portfolio of cyber and privacy platforms. Our combined expertise makes us the business world’s go-to resource for building cyber resilience and robustly managing cyber threats while meeting global privacy requirements.

HIGHLIGHTS

In the fast-paced and ever-evolving landscape of cybersecurity and compliance, GRC International Group has emerged as a market leader, delivering exceptional results and driving innovation across our range of products and services that seamlessly combine together to offer organisations comprehensive solutions for cyber resilience. As a group of companies with nine subsidiaries operating across the compliance and cyber security space, we are leading the way in helping organisations develop and execute their cyber resilience and defence in depth strategies.

MARKET OVERVIEW

Cyber threats have become one of the most pressing challenges for organizations worldwide. The increasing sophistication and frequency of cyber attacks have resulted in significant financial and reputational losses for businesses. The need for robust cybersecurity measures has never been more critical. Despite the alarming rise in cyber threats, there is often a disconnect between senior management’s understanding of cybersecurity risks and the realities faced by organisations. This knowledge gap poses a significant hurdle in implementing effective security measures and puts businesses at even greater risk.

To address the growing cyber threat landscape, regulatory bodies and industry frameworks have introduced a multitude of compliance requirements. Companies are now obligated to establish and maintain robust cybersecurity and privacy programs to protect their data and the sensitive information of their customers. Failure to comply with these regulations can result in severe penalties and reputational damage.

The complex web of regulations and frameworks has given rise to a new market: cyber regulation technology. This market focuses on providing solutions that enable organisations to achieve and maintain compliance with the evolving cyber regulatory landscape. Vigilant Software has positioned itself as the market leader in this burgeoning industry.

COMPANY PERFORMANCE

Over the past year, our group of companies has experienced revenue growth across most lines of business. This growth is a testament to our commitment to delivering world-class cybersecurity and compliance solutions to our clients. Our subsidiaries have consistently demonstrated their expertise and capability to meet the increasing demands of the market, and our training division saw its best performance in sales in Q4 since the GDPR boom five years ago.

FINANCIAL HIGHLIGHTS

• REVENUE (£’000): 2023 £14,660; 2022 £13,902; change 5%
• LOSS AFTER TAX (£’000): 2023 £(1,250); 2022 £(997); change 25%
• EBITDA (£’000): 2023 £288; 2022 £954; change (70)%
• EARNINGS PER SHARE (UNDILUTED): 2023 (1.16)p; 2022 (0.98)p; change (18)%
• LOSS BEFORE TAX (£’000): 2023 £(1,615); 2022 £(1,003); change (61)%

OPERATIONAL HIGHLIGHTS

• TOTAL BILLINGS (£’000) (note 2): 2023 £14,861; 2022 £14,794; change +1% (note 1)
• WEBSITE VISITS (‘000): 2023 4,086; 2022 4,312; change (5)% (note 1)
• AVERAGE FTE HEADCOUNT: 2023 176; 2022 164; change +7% (note 1)
• WEBSITE REVENUE (£’000): 2023 £6,368; 2022 £6,161; change +3% (note 1)
• BILLINGS PER MONTH PER FTE: 2023 £7,020; 2022 £7,477; change (6)% (note 1)
• NET CUSTOMER ADDITIONS: 2023 2,673; 2022 3,020; change (12)% (note 1)

1 Year-on-year: 2023 compared with 2022.
2 The relationship between billings and revenue is explained on page 22.

As our subsidiaries experienced rapid growth, we were faced with unique challenges in managing and sustaining this level of expansion. However, we strategically addressed these challenges by implementing efficient operational processes, investing in talent acquisition and development, and optimising our service delivery models. Our ability to overcome these obstacles has fortified our position in the industry and enhanced our reputation as a trusted cybersecurity partner.

FUTURE GROWTH STRATEGIES

Moving forward, our primary focus will be on developing and expanding our key products and services. We recognize the need for comprehensive and adaptable cybersecurity solutions that address the ever-evolving threat landscape. By investing in threat research and development, we aim to strengthen our portfolio and ensure that our offerings remain at the forefront of the industry.

While we have achieved remarkable success within the UK market, we see immense potential for growth beyond our borders. Our strategic vision includes expanding our cyber defence in depth solutions globally, tapping into emerging markets, and establishing strategic partnerships to enhance our reach and influence. By doing so, we will position ourselves as a global leader in cybersecurity and compliance.

CONCLUSION

We have navigated the complex cyber threat landscape, bridged the understanding gap at senior management levels, and positioned ourselves as the market leader in the emerging cyber regulation technology market. As we continue to focus on key products and expand our cyber defence in depth offerings, we are confident in our ability to drive growth, protect our clients, and remain at the forefront of the cybersecurity and compliance industry.
AT A GLANCE

We offer a robust portfolio of integrated cybersecurity platforms, products and services, encompassing a comprehensive suite of Cyber Resilience and Defence-in-Depth solutions.

ORGANISATIONS NEED A MULTI-LAYERED, RISK-BASED APPROACH TO BUILD CYBER RESILIENCE

• 1st line: LARGELY DETECTIVE. Continual vulnerability scanning, authentication policy and phishing staff awareness training
• 2nd line: LARGELY PREVENTIVE. Penetration testing, incident reporting, Cyber Essentials, security-trained IT support, cyber security and GDPR staff awareness training
• 3rd line: LARGELY PREVENTIVE, BUT MORE MATURE. Embedded, risk-based security controls (e.g. ISO 27001 certification)
• 4th line: CORRECTIVE. Supply chain security management, business continuity management, IT disaster recovery
• 5th line: RECOVERY. Cyber security insurance

As a leading global cybersecurity enterprise, our flagship brand, IT Governance, leverages our extensive and profound expertise to develop and tailor all-encompassing strategies for our clients, irrespective of their organisation’s scale, maturity, or industry sector.

Having a supplier that is capable of addressing all IT governance, compliance, and risk management needs within an integrated and comprehensive product and service portfolio is the ultimate and most efficient solution for organisations worldwide. By offering a holistic approach, we have become our clients’ go-to choice, providing simplicity and effectiveness in meeting the diverse requirements of organisations across the globe.

We work with customers worldwide to address their unique cyber and compliance challenges.
This includes:

• Working with clients to build and deploy practical business-focused security and privacy structures that meet multiple compliance requirements, enabling them to thrive in competitive markets
• Providing platforms and expertise that help organisations successfully manage their increasing global cyber and privacy compliance, regulatory and legislative burdens
• Helping to fill the resource and capability gap caused by the shortage of skilled cyber and privacy professionals who are fundamental to successful cyber and privacy compliance operations

A COMPREHENSIVE SUITE OF INTEGRATED CYBER SECURITY AND DATA PROTECTION SOLUTIONS – FACILITATING CROSS- AND UP-SELLING

OUR DIVISIONAL STRUCTURE

Over the past four years we have grown from a niche information security and privacy training and consultancy business into a broader Governance, Risk and Compliance Group with a unique Cyber Defence-in-Depth model and a service offering structured around three divisions: e-Commerce, SaaS and Professional Services.

Across these three divisions, we work to improve our customers’ cyber resilience and compliance postures. We use our expertise to deliver comprehensive and robust Cyber Defence-in-Depth solutions that are tailored to our customers’ risk appetites, budgets and business goals. This gives them peace of mind and allows them to focus on what their business does best.

OPERATING STRUCTURE:

• Our primary focus is on people and process domains, and on national and international standards.

Unique point solutions integrated to deliver cyber resilience and defence-in-depth

e-Commerce (24% OF FY 2023 REVENUE)
• Eight B2B e-commerce websites
• ‘Learn from Anywhere’ training delivery model
• Publications business: Cyber security, GDPR, Privacy/data protection, risk & compliance
• Wide range of books and standards.

Services (48% OF FY 2023 REVENUE)
Helping corporate and public organisations meet compliance and cyber risk management objectives
• Penetration testing
• PCI DSS & Cloud compliance
• Legal, GDPR & DPO services
• GDPR & GRC Consultancy Services.

Software as a Service (28% OF FY 2023 REVENUE)
• CyberComply platform
• Cyber Essentials certification
• Vulnerability Scanning
• GRC e-learning
• Privacy as a Service
• Document Kits templates.

• We have a wide-ranging, proprietary product and service offering, supported by substantial IP.
• We have the market-leading IT Governance brand, with a unique Cyber Defence-in-Depth model.
• We are sector-agnostic and UK-based, with strongly developing businesses in USA and EU, and Asia-Pacific toehold.

• We protect our clients, and help them to comply and thrive in an increasingly complex cyber risk environment.
• Our SaaS division embeds and provides longer term support across the spectrum of cyber and privacy requirements
• Our e-commerce division attracts clients and provides them their first experience of our expertise and service quality
• Our service division expands these relationships providing hands-on implementation advice, ongoing support and continual improvement in the face of evolving threat and regulatory challenge

We believe the Group is a market leader for Cyber Defence-in-Depth strategies and resources – we can help organisations put a Defence-in-Depth model together, resource it, deploy it, maintain it and adapt it to the changing threat environment. Our Cyber Defence-in-Depth approach means we sell long term strategic relationships to our clients, which provides key cross-selling and up-selling opportunities across the Group. Our offering scales with mass automation at the lower organisational size and with bespoke options at the enterprise end.
OUR CUSTOMERS INCLUDE:

BAE Systems, Barclays, BBC, BT, Carlsberg, Domino’s, Dun and Bradstreet, Freshfields Bruckhaus Deringer, Grant Thornton, Halfords, HSBC, John Lewis, Kubota, National Health Service, Next, Inmarsat, Royal Mail, Sipchem, Slaughter & May, Thames Water, The Bank of England, UK national and local government departments, Vodafone, Volkswagen, US Army, PwC.

WHERE WE ARE:

We are a global group of companies that offers in-country delivery tailored to local needs and cultures.

Physical offices: UK, Ireland and the United States.

Website: 11 regional websites; in the EU we also provide country-level access to all 27 member states.

CROSS SALES / DIVISION

Service Centre; Websites; CRM System(s); ITGP Books & Toolkits; EU and USA Channel Team

1. E-Commerce Division (24%): Training. Distribution. UK Digital Marketing. Cloud and PCI training.
2. SaaS Division (28%): Cyber Essentials. GRC e-Learning, (incl. Bespoke). GDPR.co.uk. Vigilant Software. EU/UK Rep and CSaaS.
3. Services Division (48%): GDPR and GRC Consultancy. Technical Services. GRCI Law. DQM GRC. Cloud Consultancy, SOC2 Consultancy, Cyber Incident Response.

CHAIRMAN’S STATEMENT

Andrew Stephen Brode
Chairman

It is my pleasure to introduce GRC International’s Annual Report for the year ended 31 March 2023, the Group’s sixth Annual Report since it was listed on the London Stock Exchange’s AIM market in March 2018.

OVERVIEW

In its early life the Group focused upon delivering an integrated solution to the business problem of responding to cyber threats and compliance requirements, thus enabling boards to have oversight of the technology. The introduction of GDPR added compulsion to the concept of cyber security, privacy and underpinned our successful listing.
When GDPR began to recede in importance the Group refocused towards a SaaS based model based upon the combination of cyber security and privacy – Cyber Depth in Defence. Since then, cyber risk has risen dramatically but boardrooms view the issue as one of technology rather than governance and risk management. The explosion in cyber and privacy compliance, the increasingly expensive cyber insurance and the reputational risks will all help the Group to expand.

The financial year covered in this Annual Report has been challenging on several fronts. The macro-economic climate has been unhelpful with high inflation, high interest rates and weak overall growth. Combined with a tight labour market and slow decision making by clients, the Group has exhibited commendable resilience.

PERFORMANCE

Revenues grew by 6% to £14.7m, and the loss for the year was £1.25m. The final quarter yielded excellent results, providing confidence about the outlook for FY24. The balance sheet still reflects the damage experienced during the pandemic and its aftermath. Management has done an excellent job of handling creditors; in particular agreement on the repayment of overdue HMRC liabilities was achieved and delivered.

PEOPLE

The Group is highly dependent on the performance of its staff. During the pandemic, they all learned to work effectively from home, and this has largely continued, albeit we are now able to present public courses face to face. Our employees continue to demonstrate their hard work and dedication to providing the service that demanding clients expect. On behalf of the Board, I would like to thank them for their outstanding contribution, against a challenging background.

OUTLOOK

The first quarter of FY24 has performed in line with the Board’s expectations. We have no doubt that our products and services form a vital part of the sustainability agenda for businesses everywhere.
We see no let up in the growth of cyber attacks and the consequent risks, both financial and reputational. We are well positioned to take advantage of these trends and anticipate a better FY24.

Andrew Brode
Chairman
4 September 2023

OUR STORY SO FAR

Our vision is to provide organisations with an integrated solution to tackle the dual challenges of cyber threats and compliance requirements while aligning these actions with their core business objectives. This idea is centred around the concept of “IT Governance,” which emphasises board oversight of technology and a comprehensive governance, risk management, and compliance (GRC) strategy.

Our initial product offering, focused around ISO 27001, aimed to address this business problem. However, it proved to be a tough sell. Many organisations did not consider cybersecurity a genuine business issue, often leaving it solely in the hands of their IT teams, who resorted to deploying more technology as their solution.

Then came the advent of the General Data Protection Regulation (GDPR), which brought compulsion to the forefront of cybersecurity and extended its scope to privacy. GDPR made it abundantly clear that cybersecurity and privacy were fundamentally about GRC, rather than just technology.

Recognising the imperative created by GDPR, we swiftly adapted our business model. We built a highly scalable and fast-growing enterprise, capitalising on the increased demand for compliance. However, our focus was primarily transactional, with only a small number of long-term contracts.
As the fervour surrounding GDPR gradually subsided, we realized the need to restructure our cost base, shift toward a Software-as-a-Service (SaaS) model, and refocus our business on the combination of cyber security and privacy, which we now refer to as “Cyber Defence in Depth.” Unfortunately, following GDPR, the responsibility for solving cyber security challenges fell back into the hands of technology teams. However, there was a growing disconnect as C-Suites lacked understanding of the technology and failed to recognize that their own staff were often the weakest links. Technology alone could not provide the solution; organisations required robust GRC frameworks. A prevalent misconception among organisations is the belief that they won’t be targeted by cyber attacks. In reality, regulatory pressure and customer demands drive them to prioritise cybersecurity, often surpassing common sense. Consequently, we have witnessed an explosion of cyber and privacy regulations, all of which essentially serve as GRC frameworks. Meeting compliance with multiple regulations has become expensive, time-consuming, and challenging due to a lack of in-house expertise. Additionally, cyber insurance providers now seek the same GRC frameworks as regulators, making cyber insurance both expensive and selective. Over the years, we have developed our flagship product, CyberComply, and its modules as upsell products, addressing pain points across various regulatory frameworks. As customer demands and challenges have evolved, we recognise an opportunity to position CyberComply as the core product within our Group, acting as a gateway to our comprehensive range of offerings. Scaling our business is within our capabilities, but to achieve this, we must invest in accelerating the CyberComply roadmap. By doing so, we will establish a fast-growing business with sustainable revenues, ensuring that we remain at the forefront of the industry. 
The journey from IT Governance to Cyber Defence in Depth has been one of growth, adaptation, and continuous innovation. We remain committed to providing organisations with the necessary tools and expertise to navigate the ever-changing cyber landscape, ensuring their long-term success and resilience.

TIMELINE

• 2023: Launched suite of DORA (Digital Operational Resilience Act) and EuroPrivacy products and services.
• 2022: Launched Cloud Security Consultancy services.
• 2020: Launched Cyber Security as a Service (CSaaS) and Privacy as a Service (PaaS) solutions.
• 2019: GRC International Group acquires DQM GRC and establishes GRCI Law, a legal, risk and compliance consultancy firm.
• 2018: GRC International Group becomes the holding company and is admitted to trading on the LSE’s AIM. US subsidiary incorporated and office opens in New York. The Group acquires www.gdpr.co.uk.
• 2017: First to market with GDPR training courses, qualifications and consultancy services.
• 2016: Irish subsidiary incorporated and office opens in Drogheda (IT Governance Europe Ltd).
• 2012: Vigilant Software Ltd becomes a wholly owned subsidiary of the Group.
• 2010: Successful growth of the consulting division leads to the launch of IT Governance’s penetration testing solutions.
• 2008: IT Governance launches training division focusing on information security management and ISO 27001 courses.
• 2007: IT Governance launches consultancy division focusing on information security and management system standards.
• 2006: IT Governance Ltd co-founds Vigilant Software to develop software that helps organisations assess and reduce information security risks.
• 2005: E-commerce website launches selling books and documentation toolkits on information security.
• 2002: Incorporation of IT Governance Ltd. Alan Calder, CEO, becomes sole shareholder and is appointed Director.
• 1997: Two of our directors, Alan Calder and Steve Watkins, become the first people in the UK to successfully implement an ISMS compliant with BS 7799 (the precursor to ISO 27001).

OUR MISSION AND VALUES

OUR MISSION

We serve an international customer base and deliver a broad range of integrated, high-quality solutions that meet the real-world needs of today’s organisations, directors and practitioners. Our mission is to use our Group’s combined expertise to deliver peace of mind to organisations across the globe, and to help them:

• PROTECT their business assets and intellectual capital
• COMPLY with the worldwide increase in regulation and legislation
• THRIVE as they use improved cyber and privacy practices to achieve business goals

OUR VALUES

GRC International Group is a dynamic and fast-paced business that is dedicated to:

1. Solving our clients’ real business problems
2. Being open and transparent with our clients, partners and other stakeholders
3. Being honest, responsible and accountable for the work we do
4. Collaborating with our colleagues and stakeholders
5. Showing leadership and initiative both within the business and externally
6. Delivering results and exceeding our clients’ expectations

CHIEF EXECUTIVE OFFICER’S REVIEW

Alan Philip Calder
Chief Executive Officer

After a strong final quarter in FY23, momentum has continued into Q1 of the new financial year. Trading remains robust and in line with expectations. The substantial progress made last year and our ongoing investment in infrastructure should support the Group’s longer-term growth aspirations.
OVERVIEW

GRC International Group made significant progress last year in its post-GDPR turnaround. Encouragingly, in spite of geo-political and economic headwinds, it was our second year in a row of positive EBITDA. It was our third year in a row of revenue growth and revenue in the year was higher than we achieved in 2020, the year preceding the onset of the Covid pandemic. It was our third year in a row of increasing gross margin and our FY23 gross margin now matches what we achieved in the GDPR rocket fuelled FY18. It was also the third year in a row of improvement in our NPS (Net Promoter Score) service quality results. Finally, it was our sixth straight year in a row of improving the recurring and contracted percentage of our total revenue.

STRATEGY

Cyber security has three domains: people, process and technology. Most cyber security vendors focus on selling technology solutions to technology teams in their corporate clients. Technology, though, is not the answer. The strategic cyber vulnerabilities for most organisations are in the areas of under skilled people and inadequate processes. The GRC International Group provides integrated compliance-linked solutions that enable our corporate clients to build cyber resilience and cyber defence-in-depth by deploying effective governance, risk management and compliance (GRC) across the people and process domains.

The market is increasingly competitive, with a proliferation of new entrants, both small start-ups and larger investor-backed growth businesses. In this environment, our experience and expertise are as important in winning and retaining customers as the breadth of our international accreditations and the proven quality of our service.
As we have said before, we see significant international growth opportunities in the digitally transformed, Cloud based, increasingly vulnerable, hybrid working environment as a result of:

• Corporates, large and small, domestic and multinational, having to deal with a growing number of increasingly complex regulations and enforcement in the Group’s three primary geographic markets of the UK, EU and US.
• All clients facing escalating nation-state and criminal (serious organised crime) cyber-attacks.
• Significant and deep-seated national and international cyber and compliance skills deficits.

In this environment, our strategy is to offer an integrated suite of sensibly priced, high-quality GRC products and services on an increasingly longer-term contracted basis. The proliferation of legal requirements (both cyber and privacy and customer-mandated security practices) is driving organisations to start looking for compliance platforms that can systematically, and cost effectively support their risk management strategies. Our ongoing investment in our CyberComply platform, in our other software-as-a-service offerings, and in our e-commerce websites are all elements of what we see as the development of a cyber regulation technology (‘cyber reg tech’) market. This is a market that we aspire to lead.

In the longer term, we plan to accelerate growth nationally and internationally, organically and by acquisition. Today’s fragmented and rapidly growing international cyber markets offer significant organic and consolidation opportunities. We believe that the Group’s proven resilience and agility will enable it to exploit those opportunities in the years ahead. The Group’s medium-term objective is to build annual revenue, both organically and through acquisition, to in excess of £50m, with gross margins and EBITDA margins in the order of 65% and 25% respectively.
CURRENT TRADING AND OUTLOOK

The strong FY23 Q4 sales momentum, billings, numbers of new business leads and cash generation has continued into the current financial year. Importantly, we ended FY23 with £2.3m (£2.2m at end FY22) of FY24 revenue already invoiced.

Our overall growth is driven by client acquisition through our e-commerce division, the continued deployment of expertise through our services division to solve client problems and create opportunities for SaaS deployment. The SaaS division underpins our Cyber Resilience and Cyber Defence-in-Depth offering and should support double-digit organic divisional billings growth in the current financial year.

The publication of regulations such as DORA (the Digital Operational Resilience Act) in the EU, the EU’s EuroPrivacy GDPR compliance certification, new SEC regulations in the US in respect of Cyber Security governance, risk management and compliance, and proposed changes to the UK’s privacy and cyber security regulatory framework, all play into our broad product and service offering. We see our CyberComply platform, which is essentially a regulatory technology compliance platform, as having a key role to play in supporting clients implement and maintain compliance frameworks in this changing environment.

We are continuing to invest in our e-commerce and SaaS infrastructure in order to extend our cost-effective automated fulfilment and customer support. We are on the point of rolling out significantly improved functionality to our EU and USA websites, as well as significantly improving our automated support for our SaaS business. The use of Artificial Intelligence (AI) is a key strand of our current development activity, as we look at ways in which we can both reduce costs and increase speed and agility through its effective use.
Major development work in our CyberComply platform is seeing significant functionality enhancements released every quarter and we are planning an October 2023 soft launch of an exciting CyberComply development roadmap and pricing model that we expect to drive significant medium and long-term increases in revenue and margins. AI and ML obviously have an important contribution to make to improving our gross margins, reducing overheads and accelerating software development – while also improving our software product – and we will report in due course on how our work in that field is driving improvements in the business.

After a strong final quarter to FY23, momentum has continued into Q1 of the new financial year. Trading remains robust and in line with expectations. The substantial progress made last year and our ongoing investment in infrastructure should support the Group’s longer-term growth aspirations.

FY23 PERFORMANCE REVIEW

Following the 2019 collapse in the GDPR market, we set ourselves four medium term objectives: to re-build revenue growth around an offering that combined cyber security and privacy, to recover our gross margins to in excess of 60%, to make contracted and recurring revenue more than 70% of our total revenue and, through automation and process improvement, control overheads so that we would consistently generate positive EBITDA. We have now achieved all four of those objectives.

Our cyber resilience, cyber defence-in-depth offering recognises that cyber security and privacy are different sides of the same coin and our value statement (‘Our expertise, your peace of mind’) reflects that value to our customers.
In spite of the significant disruption during our Q3, in which the UK dealt with the death of the monarch, the chaos surrounding the end of the Johnson premiership and the short-lived Truss administration, all on top of the geo-political headwinds triggered by the Russian invasion of Ukraine, we achieved a 6% year-on-year revenue increase. Strong performances in the US as well as in our smaller UK subsidiaries all helped counterbalance the temporary Q3 decline in our main UK business. While the Q3 disruption effectively halted our billings growth in Q3, we did recover momentum from the start of Q4 and our Q4 performance virtually matched the prior year.

Our gross margin in FY23 increased to 61% from 59% the prior year. This was achieved through a combination of improving sales mix toward higher margin SaaS offerings and successfully pushing price rises through our professional services and e-commerce businesses.

Recurring and contracted revenue increased by a substantial 30% (£2.4m) to £10.7m, which was 73% of group revenue. In the prior year it was only 59% and, considering that the equivalent figure in FY18 was only 2.5% of revenue, is a key indicator of the transformation in the Group. In the context also of the economic and political headwinds last year, and considering the growth in competition in our markets, this is a significant improvement. It reflects our focus through the year in growing predictability and stability in revenue.

At the start of the financial year, we set ourselves the additional objective of significantly improving the quality of our products and services. We believe that quality will, in an increasingly competitive marketplace, be a key differentiator. Our primary chosen measure for service quality is NPS (Net Promoter Score). Our average score in FY22 was 37 (good, but not excellent).
We recognised that we would have to make sustained investments in developing and retaining our people and improving our infrastructure in order to move the NPS dial meaningfully. We increased overhead spend during FY23 by £1.3m in order to do this. That investment shows through in significant ongoing improvements in product and service quality. The Group increased its NPS score to 48 (50+ is ‘excellent’) from 37 the previous year, and our initial steps into encouraging customers to rate our e-commerce services on TrustPilot achieved an average score of 4.5 (out of 5) in Q4, which is rated as ‘excellent’. In spite of the overhead investment to drive up performance quality, and in spite of the macro-headwinds, we delivered a second year of positive EBITDA. We expect, in FY24, to make further improvements in all those areas.

Divisional performance

Performance in our three revenue divisions reflected the overall performance.

Services

48% OF FY 2023 REVENUE, +6% YOY PERFORMANCE

Our services division helps corporate and public organisations meet compliance and cyber risk management objectives. This division offers:

• ISO/IEC 27001 (and related standards) implementation, audit and support services
• A wide range of cyber security management systems and control implementations
• Penetration testing
• PCI DSS & Cloud compliance
• Legal, GDPR Data Protection Office (DPO) and Privacy by Design services

We saw 6% revenue growth in the services division, and we successfully increased prices during the year as well as improving the level of longer-term contracted revenue. Gross margin in the division improved from 60% to 63% and demonstrates that clients value the quality of our advice and support in their security and privacy endeavours.
e-Commerce

24% OF FY 2023 REVENUE, 0% YOY PERFORMANCE

Our e-commerce division works with both individuals and business and includes:

• Eight B2B e-commerce websites
• ITGP, our publishing business, offers a wide range of books and standards, covering GRC, cyber security, GDPR, privacy/data protection, risk & compliance.
• ‘Learn from Anywhere’ training delivery, with accredited training for a wide range of cyber security and privacy qualifications.

We continue to make good progress with developing self-paced versions of the instructor-led courses in our training portfolio. This enables us to target markets and time zones for which our instructor-led offering is either difficult to attend or unaffordable. We are also making good progress in producing audio versions of our ITGP titles and expect that, in the course of this year, ITGP will transition completely to electronic delivery only across the entire product range.

Revenue growth in our e-commerce division was largely flat across the year but, again, we were able to improve gross margins from 64% to 68%, through a combination of price increases and better attendance at in-person (largely online) training courses.

Software as a Service

This division is focused on delivering cyber security and privacy subscription solutions from a growing range of cloud-based platforms. These include:

• CyberComply GRC ‘reg tech’ platform
• Cyber Essentials certification
• Vulnerability Scanning
• GRC e-learning (staff awareness training)
• Privacy as a Service
• Document Kits templates

We continued to expand the range of cyber security and privacy standards and frameworks that can be addressed through the CyberComply platform.
At the same time, we also continued expanding the staff awareness e-learning portfolio outside the core cyber security and privacy product range to include the other GRC subjects (such as business continuity, quality management, anti-bribery and anti-money laundering) that clients expect to see on GRC staff awareness platforms.

Half of the Group’s FY23 revenue growth was in the Software-as-a-Service division. Revenues in the division grew 11% across the year, with the growth primarily spread across e-Learning staff awareness, the CyberComply GRC management platform and the DQM Seeding System. Gross margin in the SaaS division decreased slightly from 87% to 84%, reflecting higher input prices from IASME which, combined with their pricing restrictions, squeeze margins. We do, however, see opportunities for improving the margins here.

28% OF FY 2023 REVENUE, +11% YOY PERFORMANCE

International and Channel performance

Our businesses in the EU and the US continued to grow. Although their offering is currently more limited than that available in the UK, both businesses saw growth across the year. The US business, in particular, achieved 54% growth in revenue, demonstrating the benefit of being completely divorced from the turmoil in the UK economy during Q3.

Our channel sales business, which helps MSPs (Managed Service Providers) deliver to their customers a range of IT Governance-branded cyber security and privacy services, had another year of strong growth. The channel team’s primary market last year was in the UK in which they achieved 18% revenue growth.

QUALITY AND ACCREDITATIONS

Externally audited certifications are one of the ways that we demonstrate the quality of our offerings to our customers. Our business management system continues to be accredited to ISO/IEC 27001, ISO/IEC 27701 and ISO 9001.
These certifications are supported by those from professional bodies such as CREST, the UK’s National Cyber Security Centre (NCSC), the Payment Card Industry Security Standards Council (PCI SSC), and IASME for Cyber Essentials Plus as well as by those from exam and personnel certification bodies, such as IBITGQ, ISC2, APMG and Microsoft. Additionally, we have been accredited to deliver consultancy services against the SWIFT cyber security requirements, the US Department of Defence CMMC (Cybersecurity Maturity Model Certification) and the EU’s EuroPrivacy standards. We are currently preparing for certification to ISO 22301 of our Business Continuity Management System.

SECURITY AND COMPLIANCE

As should be expected of all organisations, we successfully navigated the year’s cyber security and regulatory compliance challenges. There were no reportable cyber security incidents and no breaches of applicable cyber security or data security legislation.

Alan Calder
Chief Executive Officer
4 September 2023

MARKET OVERVIEW: THE STATE OF THE CYBER SECURITY MARKET

“As the digital economy grows, digital crime grows with it. Soaring numbers of online and mobile interactions are creating millions of attack opportunities. Many lead to data breaches that threaten both people and businesses. At the current rate of growth, damage from cyberattacks will amount to about $10.5 trillion annually by 2025 – a 300 percent increase from 2015 levels.” McKinsey, 2022 [1]

Cybercrime is growing as fast as it is because there are currently no limits to the opportunity. The attack surface continues to expand while offensive threat capabilities improve more quickly than defensive ones. Proliferating regulatory and contractual compliance requirements escalate the challenge for all organisations.
[1] New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers | McKinsey

ATTACK SURFACE

From the cybercriminal’s perspective, expansion of the digital economy’s attack surface is being driven by corporate and government digitisation agendas, by the migration of so many services to the cloud, by the entrenchment of remote and hybrid working, and by the proliferation of Internet of Things (IoT) devices and functionality. This expansion is focused on accessibility, ease of use and speed of deployment; data security and privacy are not usually built in by design and, in very many cases, security is seen as a cost to be avoided rather than an essential feature.

The attack surface consists of three domains: people, process and technology. Inadequate governance, risk management and compliance strategies at most organisations allow weaknesses and vulnerabilities to proliferate in all three. Where organisations do invest in cyber security measures, the cyber security budget is often under the control of the IT or technology teams who, unsurprisingly, spend the budget in the technology domain. As a result, cyber criminals primarily focus on exploiting vulnerabilities in the people and process domains.

While global enterprises usually have adequate resource and resilience to address cyber risks, small and medium businesses, corporations and public sector organisations don’t. There is a global shortage of competent practitioners (the cybersecurity workforce gap is estimated to be in the region of 2.7 million people).
Attackers prefer weaker targets and cybercrime damages are consequently forecast to increase at a rate of 15% pa from $3 Trn in 2015 to $10.5 Trn by 2025 (Cybersecurity Ventures).

THREAT LANDSCAPE

In what is clearly a target-rich environment, the economics of cybercrime specifically encourage ransomware and business email compromise (BEC) attacks. The reality that human beings are the weakest link in any cyber security environment has led to the widespread deployment of both attack types, both of which can be carried out at scale, at a distance, at low cost and through associates and intermediaries. Phishing emails and related text and voice mail messages exploit well-known human frailties which continue to exist because most organisations take inadequate steps to prevent them.

Multiple other attack vectors exploit software vulnerabilities that exist through inadequate or incorrect configuration, connection or coding. Absence of effective risk management and security oversight means that most breaches are discovered well after the cyber criminals have done their work.

Supply chain vulnerabilities are an increasingly interesting attack vector as a successful breach of, for instance, a software vendor, can facilitate the deployment of ransomware or other malware to all the customers of that supplier.

There is also an overlap between the espionage and offensive cyber operations of nation states and the illegal activities of cyber criminals that boosts the capabilities of both. The deployment by cyber criminals of artificial intelligence, machine learning, and advanced analytics will accelerate the growth in number of successful attacks.

Organisations are beginning to realise that their cyber risk management strategies need to be substantially more sophisticated and comprehensive than they are, and that their primary future focus has to be on the people and process domains.
COMPLIANCE ENVIRONMENT

Sustained corporate failure to address cyber security and privacy risks has led to a surge in national and international cyber security and privacy regulations. The EU GDPR led the way, and its restrictions on the movement of personal data to less secure environments than the EU have driven the creation around the world of similarly restrictive data protection legislation.

Regulation is now going further than simply protecting personal data. In the EU, for instance, there is a new law requiring financial sector organisations to demonstrate their operational resilience, and to extend their risk mitigation measures to their supply chains. In the USA, the Department of Defence is requiring its suppliers around the world to demonstrate their cyber security maturity and the SEC has voted to introduce requirements on listed entities to put in place board-led cyber security strategies.

Alongside the top-down, multi-jurisdictional regulatory compliance pressure, organizations increasingly face contractual compliance requirements from customers and suppliers. Merchants processing payment cards have to comply with the PCI DSS. Data processors have to comply with specific GDPR provisions in relation to any personal data processing they do on behalf of their customers. Software quality and security framework compliance requirements are increasing. Organisations have to evidence to their customers that they comply with national and international standards and laws as well as their specific customer requirements.

Geopolitics: Geopolitical tensions and cyber warfare incidents underscore the critical role of cyber security in national security. Governments and enterprises alike face having to allocate substantial resources to fortify their digital defences and build cyber resilience, driving demand for comprehensive cyber security defence in depth solutions.
ADDRESSABLE MARKET

This combination of attack surface, threat horizon and compliance environment is driving very substantial growth in the cyber security market. McKinsey believes the total addressable market may reach $2 trillion, which would be around 10X the current vended market.

GRC International Group is specifically interested in three of the 13 segments within that market: data protection; Governance, risk management and compliance, and Security consulting. Between them, those three sectors represent an addressable market of between $200bn and $400bn, currently only penetrated to between 15% and 35%. In addition, GRC International Group’s comprehensive product and service portfolio means that it has an interest in all the other segments of the market. Within the Group, Vigilant Software’s CyberComply platform also addresses the Security and Operations Management segment, which itself has an addressable market of $300bn to $500bn, currently only 1% to 5% penetrated.

SUPPLY-SIDE LIMITATIONS

There are very few substantial cyber security vendors. The proliferation in recent years of cyber security startups means that there is a substantial number of small, single-solution security technology vendors vying for traction, none of whom make it easier for buyers to solve their people and process cyber security challenges. Buyers need access to suppliers who can deliver comprehensive, integrated defence in depth solutions that enable them to build multi-compliant cyber governance and risk management resilience frameworks. GRC International Group is a leader in exactly that.

“Looking ahead to 2022-2023, cybersecurity must be seen as a strategic business issue that impacts decision-making” World Economic Forum, 2022

STRATEGIC APPROACH

Introduction

Our view has always been that cyber security and privacy are business issues, not just technology ones.
Boards and senior managements are accountable for managing risks in the deployment and use of information and technology in their businesses. Boards and senior managers tend not to be technology experts and effective technology risk management therefore depends on robust and transparent information technology governance frameworks.

The Group’s expertise lies in designing and deploying appropriate governance, risk management and compliance frameworks that enable its business clients to manage and mitigate technology risks in line with legal, regulatory and contractual requirements. Our primary focus is on helping managements develop operational resilience in cyber security and privacy by helping them evolve a cyber defence-in-depth strategy that meets their specific requirements.

We recognise that, traditionally, boards and senior managements have delegated technology responsibility to their technology teams, with the result that they have therefore tended also to delegate technology risk management to those same teams. The reality, though, is that technology teams are rarely equipped to make appropriate decisions regarding business risk management and compliance. Today, critical technology risks originate in human fallibility or inadequate business processes, neither of which can be mitigated through technology alone. Regulatory compliance initiatives, which are largely sector-agnostic, are forcing managements to implement technology governance, risk management and compliance frameworks that affect technology-user interactions across the business as a whole.

THE MARKET

The market for GRC products and services for cyber resilience and defence in depth is large and growing quickly.
Growth is driven by the combination of increasing regulation, supply chain pressure and the difficulty in obtaining corporate cyber insurance without being able to evidence effective cyber security, privacy and payment card security compliance. The market is highly fragmented and in an early evolutionary stage, with a large number of single-product recent entrants (some VC-backed) struggling to find their niche. Customers don’t want single product solutions; they need integrated cyber defence-in-depth. The broad GRC International Group portfolio, the depth of our expertise and the strength of our brands enable us to win against both smaller and larger competitors.

BUSINESS MODEL

Our business model is built around the idea that a potential client should be able to find us for anything to do with governance, risk management and compliance in respect of cyber security and privacy, and that our websites and customer responsiveness should enable us to establish an initial, single-product transaction out of which we might be able to grow a more substantial and longer-lasting relationship.

This approach depends on sector-agnostic subject matter expertise, a wide and integrated portfolio of proprietary products and services (supported by substantial IP of our own), effective e-commerce websites and knowledgeable sales and delivery teams. Initial contacts are achieved through authoritative website and social media content and comment, supported by specialist books and guides from IT Governance Publishing. Multiple third-party accreditations, for products and services, combined with wide-ranging customer endorsements and high NPS (Net Promoter Score) results help convert those initial contacts into initial e-commerce transactions, typically for a book, an international standard or a training course.
Our sales and customer relationship teams use that initial transaction as the starting point for developing a longer-term relationship, whether that is around a more extended individual learning pathway or a corporate compliance and risk management strategy. Productised services and packaged offerings simplify choice for smaller customers and for salespeople. Increasingly automated fulfilment frees account managers to concentrate on strengthening relationships through long term contracts for specific compliance and support services, delivered through our expert teams, through embedded software or through a combination of both.

OPERATIONAL MODEL

Our e-Commerce division provides customers with proprietary, expert content and professional qualifications.
• Enabling clients to address their skills and knowledge gaps

Our services division delivers expertise into larger client organisations on a longer-term contracted basis.
• Enabling clients to access subject matter expertise and the range of products and services from across the Group.

Our SaaS division delivers compliance and management platforms.
• Enabling clients to embed consistent, robust and regularly updated compliance processes into their operations.

STRATEGIC OBJECTIVE

Our medium-term objective is to build, both organically and through acquisition, annualised revenue of £50m, with gross margins in excess of 65% and EBITDA margins of 25%. Two key building blocks for this objective are consistently high NPS scores, which support our premium pricing approach, and for recurring and contracted revenues to be at least 70% of our overall revenue.

HOW WE ADDRESS THE MARKET

We work closely with our wide range of clients to find appropriate solutions to suit their budget and culture.
Our mission is to engage with business executives, senior managers and IT professionals, and to help them:

PROTECT and secure their intellectual capital
COMPLY with relevant regulations; and
THRIVE as they achieve strategic goals through better governance, risk management and compliance.

THE ITG PROPOSITION

DELIVERING UNIQUE MULTI-LAYERED, RISK-BASED APPROACH TO HELP CLIENTS BUILD AND EMBED CYBER RESILIENCE.

1st line LARGELY DETECTIVE: Continual vulnerability scanning, authentication policy and phishing staff awareness training
2nd line LARGELY PREVENTIVE: Penetration testing, incident reporting, Cyber Essentials, security-trained IT support, cyber security and GDPR staff awareness training
3rd line LARGELY PREVENTIVE, BUT MORE MATURE: Embedded, risk-based security controls (e.g. ISO 27001 certification)
4th line CORRECTIVE: Supply chain security management, business continuity management, IT disaster recovery
5th line RECOVERY: Cyber security insurance

GRC IMPLEMENTATION JOURNEY

THE TYPICAL IMPLEMENTATION JOURNEY COVERS ALL STANDARDS, REGULATIONS AND REQUIREMENTS

INVESTMENT CASE

Clear strategy:
• Exploiting fast growing and fragmented international market

Market opportunities and drivers
• Growth opportunities in digitally transformed, Cloud-based, increasingly vulnerable, hybrid-working environment:
• Fragmented and rapidly growing international markets offer significant consolidation opportunities.
• Cybersecurity market forecast to grow to £352bn by 2026, at a 14.5% CAGR*

Position/USPs
• Established, respected, market-leading 20-year old IT Governance brand.
• Experienced, resilient cross-Group management team with strength in depth.
• Broad customer base, across multiple segments and organisation sizes.
• Dominant SO positioning supported by extended PR links, with 4 million+ annual visits
• Unique cyber defence-in-depth offering - wide & deep range of products and services with numerous cross and upselling opportunities.
• Unique, valuable intellectual capital (Software, content, brands, know-how).
• Product quality demonstrated by multiple national & international accreditations, customer endorsements and NPS scores.
• Established WFH/remote working model that supports international recruitment, growth and delivery.

SUPPORTING CLIENTS

RESEARCH: Understand the topic
PREPARE: Acquire skills
IMPLEMENT: Deploy and document
MAINTAIN: Audit and improve

4m+ ANNUAL WEB VISITORS
110k BOOKS AND GUIDES SOLD
30k TRAINING CERTIFICATES AWARDED
100k 275 SIMULTANEOUS CONSULTANCY PROJECTS 13k STAFF AWARENESS USERS DOCUMENTATION TOOLKITS SOLD
5k ACTIVE SUBSCRIPTIONS
5k CYBER ESSENTIALS CERTIFICATES AWARDED

THE GRCI PORTFOLIO

A COMPREHENSIVE SUITE OF INTEGRATED CYBER SECURITY AND DATA PROTECTION SOLUTIONS – FACILITATING CROSS- AND UP-SELLING

FINANCIAL REVIEW

Chris Hartshorne, FCCA
Finance Director

BILLINGS

Billings were up 1% to £14.9m (FY22: £14.8m). Billings equate to the total value of invoices (excluding VAT) raised as cash sales through the Group’s websites. The figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards for revenue recognition. The Board considers billings to be a key performance indicator because it has a much closer relationship than accounting revenue to cash receipts from customers. It also provides good forward visibility of future accounting revenue since much of the Group’s invoicing takes place ahead of delivery.
REVENUE

Revenue for the year ended 31 March 2023 was up 6% to £14.7m (FY22: £13.9m). Despite the uncertainty of the current economic climate, with high inflation, high interest rates and low levels of overall economic growth, our H2 revenue was still marginally up on H1. In Q3 the Group saw a notable slowdown in the decision making of clients leading to a lengthening of the sales cycle, but Q4 delivered excellent results.

Recurring and contracted revenue was up 30% to £10.7m (FY22: £8.2m). This accounted for 73% of total revenue (FY22: 59%).

The most significant revenue growth was in the Software as a Service (SaaS) division. The growth reflects the Group’s focus on and investment in developing its high margin and highly scalable recurring revenue.

The growth in the Services division is driven by the increase in retainer type contracts both from new customers and from the renewals of existing contracts, improving the Group’s forward visibility of revenue.

£’m                             FY23    FY22    Period-on-period % change (FY23 vs FY22)
Services                         7.0     6.6     6%
Software as a Service (SaaS)     4.1     3.7     11%
E-Commerce                       3.6     3.6     -%
Total                           14.7    13.9     6%

INTERNATIONAL

International revenue was up 3% to £3.1m (FY22: £3.0m), representing 21% (FY22: 22%) of total Group revenue. The Group services the majority of its US based clients through its IT Governance USA business and most of its European clients through its IT Governance EU business, invoicing in USD and EUR respectively. The use of local staff and suppliers in those territories means cost is incurred in local currency providing a natural partial hedge against foreign exchange risk.

The Group saw growth in both its US and European revenues. These are considered to be important future growth markets for the Group, and year on year growth demonstrates an increased international footprint.
GROSS PROFIT

Gross profit was up 9% to £8.9m (FY22: £8.2m), with gross margin also up by 200 basis points to 61% (FY22: 59%). The majority of the Group’s direct cost base relates to headcount for consultants and client delivery staff. The Group’s focus on higher-margin subscription services has driven the overall improvement in margin. In particular, the growth in retainer type arrangements for some services contracts has driven margin improvement in the Services division. Margin in the Services division also benefited from the positive impact of several operational projects designed to improve efficiency, while investment in website infrastructure has delivered margin improvement in the e-Commerce division. Notably, the Group’s fastest-growing revenue division, SaaS, has the highest gross margin:

              FY22                              Revenue     FY23
Segment       Revenue £   Margin £   Margin %   change %    Revenue £   Margin £   Margin %
Services        6.6         2.7        41%        6%          7.0         3.0        43%
SaaS            3.7         3.3        89%        11%         4.1         3.5        85%
E-Commerce      3.6         3.6        61%        -%          3.6         2.4        67%
Total          13.9         8.2        59%        6%         14.7         8.9        61%

ADMINISTRATIVE EXPENSES

Administrative expenses increased by £1.3m (14%) to £10.4m (FY22: £9.1m), compared with revenue increasing by 6%. During the year the Group invested in people, marketing and IT spend designed to fuel the next phase of revenue growth. The temporary drop in revenue in Q3 meant that overheads were, for a brief period, out of alignment with revenue, but the Q4 performance meant that the position had corrected itself prior to the year end as return on that investment began to be delivered and is expected to continue to be delivered through FY24 and beyond.

EBITDA

Adjusted EBITDA (earnings before interest, tax, depreciation and amortization, adjusted to remove exceptional administrative costs) is considered by the Board to be an important key performance indicator.
It is a more accurate measure of underlying business performance as it removes the impact of non-cash accounting adjustments. Adjusted EBITDA was £0.3m (FY22: £1.0m).

£’m                                  FY22     FY23
Revenue                              13.9     14.7
Operating loss                       (0.7)    (1.4)
Depreciation                          0.3      0.1
Amortisation                          1.4      1.5
Exceptional administrative costs      0.0      0.1
Adjusted EBITDA                       1.0      0.3
Adjusted EBITDA as % Revenue          7%       2%

FINANCE EXPENSE

The net finance expense of £0.2m (FY22: £0.3m) relates to interest on the Group’s borrowings and leases accounted for under IFRS 16.

LOSS BEFORE TAX

Loss before tax was £1.6m (FY22: loss £1.0m).

TAXATION

No provision for tax has been made in the period (FY22: £Nil). The tax credit mostly relates to the recognition of Research & Development Tax Credits agreed with and received from HM Revenue & Customs.

EARNINGS PER SHARE

Loss per share was 1.16 pence (FY22: loss per share 0.98 pence).

DIVIDEND

The Group is not paying a dividend.

CASH FLOW AND CASH/DEBT

The Group’s closing cash position net of a bank overdraft was £0.1m (31 March 2022: £2.1m). Borrowings (excluding lease obligations) at period end were £1.3m (31 March 2022: £1.1m).

The Group has banking facilities to provide adequate headroom for unforeseen working capital requirements by way of an invoice discounting facility that was inherited as part of the acquisition in 2019. In addition, the unsecured loan facility provided by Andrew Brode for the amount of £700,000 at an interest rate of 5% above the Bank of England base rate to provide additional working capital is available to the Company until at least 31 December 2023 and shall automatically renew for a further 12 months unless terminated by either party. As at the period end and the date of this report, £350,000 remained available to be drawn down.

Further information on Going Concern is provided in the Financial Statements ‘Nature of operations and general information’ section (Principal accounting policies) of the Annual Report.
STATEMENT OF FINANCIAL POSITION

Net assets were £7.4m (31 March 2022: £8.7m). Net current liabilities at period end were up by £1.4m to £4.6m (31 March 2022: £3.2m).

In January 2022, GRC International completed a successful £3m oversubscribed share placing. This has enabled the Group to continue its product investment and business automation programmes, including the development of new features and functionality across all units in the SaaS division, at the same time as making agreed repayments (under the ‘time to pay’ arrangements) against the deferred HMRC tax liabilities that arose through the pandemic.

The main factor in the overall increase in net current liabilities of £1.4m was the decrease in cash balance as the proceeds from the January 2022 share placing were deployed as planned, with the development activity being capitalised within intangible fixed assets and the reduction in HMRC liabilities reflected within trade and other payables.

The trade and other payables balance includes a deferred income balance of £2.0m (31 March 2022: £1.8m), relating to training and consultancy projects due to be delivered after the statement of financial position date. The 11% increase in this balance signifies improving revenue trends and provides some visibility of income to be recognised in FY24.

INTANGIBLE ASSETS

The Group’s accounting policy is that only directly attributable staff costs of the technical teams developing the assets are capitalised. No management time is capitalised, and neither is any proportion of overheads or borrowing costs. Additions of £1.5m (FY22: £1.2m) relate to software, website development and the development of courseware. Amortisation of intangible fixed assets was £1.5m (FY22: £1.4m).

Goodwill arising from business combinations has been allocated to the Group’s DQM cash-generating unit (’CGU’). Goodwill was £6.8m (31 March 2022: £6.8m).
Goodwill is tested at least annually for impairment and whenever there are indications that goodwill might be impaired. Further information is provided in Note 5.

CAPITAL STRUCTURE
The issued share capital at 31 March 2023 was 107,826,246 (31 March 2022: 107,826,246) ordinary shares of £0.001 each. There were 100,000 share options granted in the period to 31 March 2023.

RISKS AND UNCERTAINTIES
The Board continually assesses and monitors the key risks of the business. The key risks that could affect the Group’s performance, and the factors that mitigate these risks, are set out on pages 26 to 27 of the Annual Report.

Chris Hartshorne
Finance Director
4 September 2023

The simplest and most effective solution for organisations worldwide is the ability to easily address all of their IT Governance, Compliance and Risk Management needs within one integrated and comprehensive platform. CyberComply is that solution.

RISK MANAGEMENT

OUR PRINCIPAL RISKS AND UNCERTAINTIES
The Group is exposed to a number of potential risks which may have a material effect on our reputation, financial or operational performance. The Board is aware that the nature and scope of risks can evolve and that there may be further risks to which GRC International is exposed. While this list is not intended to be exhaustive, the Directors consider the below to be the principal risks and uncertainties faced by the Group. The Board has overall responsibility for risk management and internal control and is fully supported by the Audit Committee.

Economic environment
Risk: Our operations are affected by overall economic conditions in the key geographic markets it operates in. The Group could be affected by unforeseen events outside of its control including:
• Economic and political events, such as the Russian invasion of Ukraine and changes in UK government
• Currency exchange fluctuation
• Inflation or deflation
Mitigation: While the increasing geographic diversity of GRC provides some mitigation from individual country economic fluctuations, we continue to review and monitor our economic environment and will continue to consult widely to better understand any economic uncertainty and associated impacts. GRC operates on a basis of natural hedging to help minimise exposure to this risk.

Operating environment
Risk:
Competition: The Group’s current competitors, or new entrants to the market, particularly the data protection and cyber security markets, might bring superior technologies, products or services to the market, or equivalent products or services at a lower price which may have an adverse effect on the Group’s business.
Customers: Loss of key customers has the potential to materially impact Group revenue.
Compliance environment: Customer activity is to a significant extent driven by their fear of a data or cyber security breach and the regulatory and commercial consequences thereof. A reduction in external compliance pressure on the Group’s clients may have an adverse effect on the Group’s business.
Mitigation: We continue to enhance and adapt the Group’s service offering, develop and invest in new propositions and services and invest in technology to better serve the needs of existing clients. We believe that the best way to mitigate this risk is to continue to deliver and maintain high-quality products and services to our customers. We continually review and monitor competitive activity in all our markets to ensure GRC remains innovative, competitive and attractive in the markets in which we operate.
We operate a remote ‘deliver from anywhere’ model meaning we can deliver to clients on premises or remotely to suit their needs. In addition to the above, we seek to balance our exposure to customer dependency across all our geographic markets. We monitor customer demand and, in the event of a reduction in demand, would take steps to reduce delivery capacity and overheads. We maintain close working and contractual relationships with key suppliers and endeavour to limit those services for which we have a single point of failure.

Legislation and regulation
Risk: The markets in which the Group operates are subject to legal and regulatory changes and the emergence of new industry standards. To compete successfully, the Group will need to continue to improve its products and services, and to develop and market new products and services that keep pace with changes in legislation, regulation and commercial practices.
Mitigation: We monitor developments and proposed changes in Government policies, legislation, regulation and other factors that may impact our business and our customers’ businesses. Our strategy is kept under close review to ensure we respond to any such impact. We have well-developed IT systems, operational controls, comprehensive training and a rigorous compliance monitoring programme in order to maintain adherence to legislation.

International expansion
Risk: The continued expansion of the Group into new countries brings associated risks. With a number of offices located outside the UK, there is a risk that the Group’s growth overseas may result in a reduction in the quality of control and oversight provided by senior management. Factors such as different time zones, languages, regulatory regimes and working cultures may all reduce the efficacy of the oversight provided by senior management.
The financial performance of the Group may be impacted by changes to taxation regulation and the repatriation of profits, as the UK has now left the EU.
Mitigation: The Board and senior management review international activity on a regular basis and consider both strategic and operational issues that may impact performance. The Board has full oversight of UK and overseas operations through regular management meetings, both remotely and in person.

System and technical
Risk: The nature of the Group’s business means that it is exposed to a number of risks associated with information technology which have the potential to cause a significant impact on operational performance, Company reputation and financial performance. These risks include:
– Cyber security breach
– Data breach
– Reliance on key systems, including defects in software
Mitigation: We manage this risk in a number of ways, including external certification to international security standards, such as ISO/IEC 27001 and UK standards such as Cyber Essentials Plus. Our GDPR compliance management system is externally audited to comply with both ISO/IEC 27701 and BS 10012. A business continuity plan is in place to minimise the impact to the business should IT systems fail. The internal IT team assesses risks associated with potential cyber threats on a regular basis and uses antivirus software, amongst other controls, to protect the integrity of systems. We also undertake regular penetration testing to assess infrastructure and data security. In the event that an IT incident does occur, back-up facilities are in place to ensure business interruptions are minimised and internal and customer data is protected from corruption or unauthorised access. GRC also has cyber insurance appropriate to its risk profile. We continue to invest in cyber security measures, tools and infrastructure, as well as seeking to develop and upgrade systems in line with the Group’s plans for significant expansion.

People
Risk: The Group’s future will be greatly influenced by the continued services and performance of its Directors and senior management. Furthermore, failure to recruit and retain skilled personnel at all levels across the business could also have an adverse impact. Employees remain our greatest asset and high levels of employee turnover are a principal risk. Highly skilled employees are vital to building and maintaining client relationships and winning new work.
Mitigation: GRC takes pride in creating a positive and exciting workplace environment, through training, engagement, rewards and values. Management provided continued support to our employees, physically and mentally during the Covid-19 pandemic including embedding ongoing hybrid working arrangements. Significant efforts were and continue to be made to engage with and obtain feedback from employees. The Remuneration Committee seeks to ensure that rewards correspond with performance and retention. Keyman insurance has been put in place in respect of the Chief Executive Officer, Alan Calder, for £750,000.

Financing facilities
Risk: With a strategy for the Group of significant growth, including further international expansion, the Board recognises the importance of regular review and monitoring of the Group’s financing. The Group only has a limited forward order book for its services, creating unpredictability in revenues and cash, hence impacting on the level of liquidity.
Mitigation: The Group maintains regular and transparent dialogue with its facility lenders to ensure they are aware of developments in the business and reviews the level of facilities required based on the Group’s forecasts. The Group maintains a short-term invoice discounting facility and has an unsecured loan facility provided by Andrew Brode to provide additional working capital. The Board receives weekly and monthly information to enable it to consider the Group’s short and medium-term performance.
If performance is not in line with forecast, the Group has a number of mitigating actions that could be implemented. The close monitoring of cash and cash flow forecasting is considered a priority for all members of the Board. Further details are included in the Financial Review pages of this Annual Report.

KEY PERFORMANCE INDICATORS

BILLINGS
Billings equates to the total value of invoices raised and cash sales through Group websites. This figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards.*
* Billings equate to the total value (net of VAT) of invoices raised and cash sales through the Group’s websites. The figure does not take account of accrued or deferred income adjustments that are required to comply with UK-adopted International Financial Reporting Standards (“IFRS”) but is considered to provide useful information to the users of the Group’s financial information. Billings is considered by the Board to be a key metric for managing the business due to its direct relationship with cash-flow. Cash receipts are driven by billings achieved each month rather than by revenue recognised in accordance with IFRS.
Total billings (£000s): £14,861; +1%; 2022: £14,794
[Chart: Total billings (£000s), 2019 to 2023]

AVERAGE FTE HEADCOUNT
While the number of full-time equivalent (’FTE’) employees is not a KPI in itself, the size of the Revenue increase with only minimal headcount being added demonstrates the operational efficiencies over the course of the financial year.
Average FTE headcount: 176; +7%
FTE as at 31 March 2023: 176
FTE as at 31 March 2022: 164
[Chart: Average FTE headcount, 2019 to 2023]

MONTHLY BILLINGS DIVIDED BY FTE EMPLOYEES
This is an internal target given to the Group’s sales and marketing teams.
Billings per FTE (£): £7,020; (6%); 2022: £7,477
[Chart: Billings per FTE (£), 2019 to 2023]
WEBSITE VISITS
The Group invests significant funds into digital marketing in order to optimise our dominance of certain web search term results. There is a distinct correlation between website visits and sales; however, we remain careful to use the term ’correlation’ rather than ’causation’.
Website visits (000s): 4,086; (5)%; 2022: 4,312
[Chart: Website visits (000s), 2019 to 2023]

WEBSITE REVENUE
This equates to debit and credit card sales via the website that turn into cash immediately. This is an important KPI as it is a key driver of the Group’s working capital. Furthermore, the Group refers to website sales trends to estimate the returns generated through digital marketing campaigns and, therefore, how to prioritise these accordingly.
Website revenue (£000s): £6,368; +3%; 2022: £6,161
[Chart: Website revenue (£000s), 2019 to 2023]

UNDERLYING EBITDA
EBITDA (“Earnings Before Interest, Tax, Depreciation, Amortisation”) excludes share-based payment expenses (which are excluded as they are a non-cash expense) and exceptional costs in relation to acquisitions made in the year.
Underlying EBITDA (£000s): £288; (70)%; 2022: £954
[Chart: Underlying EBITDA (£000s), 2019 to 2023]

The Strategic Report was approved by the Board of Directors and signed on its behalf.

Alan Calder
Director
4 September 2023

STAKEHOLDER ENGAGEMENT

WE ENGAGE WITH OUR STAKEHOLDERS TO DEVELOP EFFECTIVE RELATIONSHIPS AND IMPROVE BUSINESS DECISIONS
By understanding our stakeholders and listening to their views and feedback, we can factor into Board discussions the potential impact of our decisions on each stakeholder group and consider their needs and concerns. The Board undertakes regular reviews of the Company’s strategy and is actively involved in reviewing and approving changes which ultimately drive the future of the business.

S172 STATEMENT
As required by s172 of the Companies Act 2006, a director of a company must act in the way he/she considers, in good faith, would most likely promote the success of the company for the benefit of its shareholders. In so doing, the director must have regard, amongst other matters, to the:
• Likely consequences of any decision in the long term
• Interests of the company’s employees
• Need to foster the company’s business relationships with suppliers, customers and others
• Impact of the company’s actions on the community and environment
• Desirability of the company maintaining a reputation for high standards of business conduct
• Need to act fairly between members of the company
Aside from the operational decisions required for the execution of the Group’s Strategy, and ongoing finance requirements, there are no other key decisions requiring disclosure.

OUR STAKEHOLDERS

EMPLOYEES
Engaging with our people enables us to create an inclusive company culture and a positive working environment.
Material topics:
• Opportunities for development and progression
• Opportunity to share ideas and make a difference
• Diversity and inclusion
How we engage: We have an experienced, diverse and dedicated workforce which we recognise as the key asset of our business. It is vital to the success of the Group to continue to create the right environment to encourage and create opportunities for individuals and teams to realise potential. The COVID-19 pandemic has changed the way people want to work. We have an established work-from-home / remote working model that supports international recruitment and flexible working arrangements. Our remote working model is now well-established and we have a range of practices in place that ensure ongoing engagement and involvement of staff across the Group.
Outcomes: The majority of our staff in all our geographic locations are now permanently home-based. To ensure regular communication flow in a remote working business we have daily online presentations and briefings from senior management, quarterly ‘all staff’ briefings, monthly senior management cascade briefings and regular ‘in person’ team and Group wide events. Following the introduction of the HR Software tool in the later part of FY19 we have much greater data accuracy, increased over data, improved efficiency and a modern employment experience.

CUSTOMERS
Listening to our customers helps us to better understand their needs and provide suitable and reliable products and services.
Material topics:
• Help customers make better decisions
• Personalised customer propositions
• Leveraging a deep understanding of their needs and views to create innovative solutions
How we engage: Social media is a key channel for mobilising customer engagement. The Board is committed to ensuring clients receive high quality deliverables and that they are supported in managing the new marketing landscape.
Outcomes: Our classroom training business is now completely online, with a bio secure training centre that has opened in Cambridgeshire with an innovative ’Learn from Anywhere’ multi-channel delivery model. We are successfully delivering 95% of our cyber security, privacy and continuity services remotely to customers across the world.

SHAREHOLDERS
Our shareholders are vital to the future success of our business, providing funds which aid business growth and the generation of sustainable returns. The Board recognises that relationships with our stakeholders are also key to the delivery of our strategy. The Board is committed to open engagement with our shareholders and provides all the necessary information needed to enable decision-making.
Material topics:
• Financial performance
• Strategy and business model
• Proactive approach to communication
How we engage: We have a number of mechanisms through which our shareholders have the opportunity to make their voices heard and inform the direction and governance of our business. This is evidenced through our Annual General Meetings and investor roadshows. We also communicate with our shareholders through the full-year and half-year results announcements, trading updates and other press releases issued by the Company through the year. We maintain an up-to-date website and use an investor relations advisory practice to facilitate clear and productive exchanges with shareholders.
Outcomes: Investors showed their support for the Board and the Company’s strategy by passing all resolutions at the Annual General Meeting and supported the Company in a £3m oversubscribed share placing, in January 2022, that raised funds for continued investment in product development and internal automation projects.

THIRD PARTY SUPPLIERS
Interaction with our suppliers and treating our suppliers fairly allows us to drive higher standards and reduce risk in our supply chain whilst benefiting from cost efficiencies and positive environmental outcomes.
Material topics:
• Long-term partnerships
• Collaborative approach
• Open terms of business
• Fair payment terms
How we engage: We operate in a way that safeguards against unfair business practices and encourages suppliers and contractors to adopt responsible business policies and practices for mutual benefit. We recognise that we must, where possible, integrate our business values and operations to meet the expectations of our stakeholders, including customers, suppliers, the community and environment.
Outcomes: We regularly monitor the relationship and engagement approach with our third-party suppliers. We aim to treat our suppliers fairly, holding ourselves to high standards of business conduct and presenting a zero-tolerance approach to practices which are at odds with our values and culture, for example corruption, bribery and modern slavery.

Governance

IN THIS SECTION
Governance Report
Application of the QCA Code
Board of Directors
Audit Committee Report
Remuneration Committee Report
Directors’ Report
Statement of Directors’ Responsibilities

GOVERNANCE REPORT
On behalf of the Board of Directors, I am pleased to introduce the Group’s Corporate Governance Statement for the year ended 31 March 2023.

Andrew Stephen Brode
Non-Executive Chairman

The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Group’s challenges and opportunities following admission to AIM in 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making.

COMPOSITION OF THE BOARD AND MEETINGS
The QCA Code states that a company should have at least two non-executive directors. The Board comprises four Directors: two Executive Directors and two Non-Executive Directors, reflecting a blend of different experiences and backgrounds. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making.
The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board meets regularly to review, formulate and approve the Group’s strategy, budgets, corporate actions and oversee the Group’s progress towards its goals. The Company will continue to appraise the structure of the Board on an ongoing basis.

INTRODUCTION
This statement of the report sets out GRC International Group plc’s approach to corporate governance and intends to provide information on how the Board and its Committees operate. As a Board, we take corporate governance very seriously, and I will continue to ensure that we maintain high standards throughout my tenure. As a company whose shares are traded on the AIM market of the London Stock Exchange, GRC International has chosen to monitor and report its compliance with the Quoted Companies Alliance (’QCA’) Corporate Governance Code (’the Code’) and its Statement of Compliance with the same can be found with information on governance arrangements on the Company website (https://www.grci.group/corporate-governance). Further information is provided in the table on pages 36 to 39. This report seeks to inform shareholders about how it complies with the QCA Code, and where it departs from the QCA Code the Board will provide an explanation of the reason(s) for doing so.

THE ROLE OF THE BOARD
The Board is collectively responsible for GRC International’s performance and creating value for shareholders. The Board meets as often as required to effectively conduct its business. The Board is responsible for overseeing the management of the Group and approving the strategic direction of GRC International.
The table below sets out the Directors’ attendance at scheduled Board meetings during the period ended 31 March 2023, against the number of meetings each Board member was eligible to attend:

Andrew Brode             10/10
Alan Calder              10/10
Christopher Hartshorne   10/10
Ric Piper                10/10

At each Board meeting, the Directors follow a formal agenda, which is circulated in advance by the Company Secretary.

BOARD COMMITTEES
The Board has delegated specific responsibilities to the Audit Committee and the Remuneration Committee, details of which are set out below. Each Committee has written Terms of Reference setting out its duties, authorities and reporting responsibilities which can be obtained from the Company Secretary on application via https://www.grci.group/contact.

Audit Committee
The Audit Committee has the responsibility of reviewing and reporting to the Board on the Group’s financial reporting, internal control and risk management systems, and the independence and effectiveness of the external auditor. The Audit Committee meets no less than two times in each financial year and has unrestricted access to the Group’s external auditor. The members of the Audit Committee comprise two Non-Executive Directors: Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Audit Committee Report on pages 42 to 44.

Remuneration Committee
The Remuneration Committee reviews the performance of the Executive Directors, Chairman of the Board and senior management of the Group and makes recommendations to the Board on matters relating to their remuneration and terms of service. The Remuneration Committee also makes recommendations to the Board on proposals for the granting of share options and other equity incentives pursuant to any employee share option scheme or equity incentive plans in operation from time to time.
The Remuneration Committee meets as and when necessary, but at least once each year. In exercising this role, the Directors have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. The members of the Remuneration Committee include two Non-Executive Directors. The Remuneration Committee comprises Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Remuneration Committee Report on pages 45 to 47.

Nomination Committee
No nomination committee has been established. Instead, decision-making on matters of nomination and succession will be retained with the Board as a whole. This approach is considered appropriate considering the small size of the Board and is believed to enable all Board members to take an active involvement in the consideration of Board candidates and to support the Chair in matters of nomination and succession.

BOARD EFFECTIVENESS
In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans. The evaluation did not take place on one specific date but via a series of conversations, both during and outside regular Board meetings. Conversations took place involving all members of the Board together and as one on one conversations led by the Chairman. In addition to the annual evaluation exercise, there remains an ongoing dialogue within the Board to ensure that it operates effectively and that any matters raised are addressed in a timely manner. The Board maintains strong relationships with external advisers and has access to advice as required.
The performance of the Executive Directors is reviewed annually by the Remuneration Committee in conjunction with their annual pay review and the payment of bonuses.

The Corporate Governance Statement was approved by the Board of Directors and signed on its behalf.

Andrew Brode
Chairman
4 September 2023

APPLICATION OF THE QCA CODE
EXPLANATION Compliant

GOVERNANCE PRINCIPLE 1
Establish a strategy and business model which promote long-term value for shareholders.

The Board is committed to delivering long-term value for GRC International’s shareholders. The Group’s business model and strategy is explained fully within the Strategic Report on pages 18 to 21. Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 26 to 27.

GOVERNANCE PRINCIPLE 2
Seek to understand and meet shareholder needs and expectations.

The Board attaches great importance to communication with all of GRC International’s shareholders. We encourage all our shareholders to attend our AGM, which provides a forum and time for shareholders’ questions and open discussions. Furthermore, feedback from investors is obtained through direct interaction with the Chief Executive Officer and Finance Director at meetings following its interim full-year results, and certain other ad hoc meetings that take place during the year. There is a regular dialogue with shareholders through the medium of the Company’s corporate brokers, Singer Capital Markets and Dowgate Capital Ltd. The voting record at the Company’s general meetings is monitored and we are pleased that all resolutions proposed so far have been passed by shareholders (with a great majority being passed by 100% of attending votes).
GOVERNANCE PRINCIPLE 3
Take into account wider stakeholder and social responsibilities and their implications for long-term success.

As an international company, GRC International places significant importance on understanding and respecting different cultural and social values within the international realm in which it operates. The Group has adopted policies to encourage an open and transparent corporate culture, including policies addressing anti-slavery, anti-bribery and whistleblowing. We continue to adopt new policies and monitor existing policies on an ongoing basis. Details of the stakeholder engagement which the Board considers to be associated with the Group’s activities are set out in the S172 disclosure on pages 30 to 31.

GOVERNANCE PRINCIPLE 4
Embed effective risk management, considering both opportunities and threats, throughout the organisation.

Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 26 to 27. The Company sets out in its annual report the steps taken to ensure that effective risk management is embedded within the Group’s culture.

The Board has identified the principal business and financial risks and has implemented control procedures. The Group has an established framework of internal financial controls which is subject to review by the Directors and the Audit Committee considering the ongoing risks faced by the Group. The Board acknowledges its responsibility for reviewing the effectiveness of the systems that are in place to manage risk. However, no such system can provide absolute assurance against misstatement or loss. The Board considers that the internal controls that are in place are appropriate for the size and complexity of the Group.
The key elements of the Group’s internal control environment include:
• close involvement of the Executive Directors in the day-to-day running of the Group;
• weekly Executive Committee meetings;
• clear lines of authority and reporting established;
• centralised control and decision making over key areas such as capital expenditure and financing; and
• a suite of daily and monthly reports focusing on the key performance and risk areas. Such reports include detailed annual budget setting with monthly monitoring and daily reporting including reports on sales, orders and cash balances compared with budget.

The Board, with the advice of the Audit Committee, has reviewed the effectiveness of the systems of internal control for the year to 31 March 2023. Given the current size of the Group and the close involvement of the Executive Directors in the day-to-day operations, the Group does not consider it necessary to have a separate financial internal audit function due to the Group’s size and its centralised administrative function but keeps this need under review. The Company receives regular feedback from its external auditors on the effectiveness of its internal controls and aims to implement any improvements identified.

The Group undertakes regular updates and reviews of its business processes, co-ordinated by the Group quality function to ensure that it not only addresses basic financial controls but that non-financial controls are also in place over areas such as health and safety, environmental issues and adherence to law and regulations.

Mitigation can only provide reasonable, but not absolute, assurance against material misstatement or loss. As such the Group maintains appropriate insurance cover for the Group’s activities, with the types of cover and insured values being reviewed on a periodic basis by the Board. The Group also has a Business Continuity Plan to manage significant risks such as the COVID-19 pandemic.
GOVERNANCE PRINCIPLE 5
Evaluate Board performance based on clear and relevant objectives, seeking continuous improvement.

In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans.

The process of Board evaluation is a continuous one as the Board communicates regularly as a group, picking up on matters where a particular Director’s time and efforts should be focused. Both the Chairman and the CEO hold regular one-to-one conversations with other members of the Board, with the Finance Director also communicating regularly with the Chairman of the Audit Committee. The Board is considered to be operating effectively and appropriately for the size and complexity of the Group.

GOVERNANCE PRINCIPLE 6
Maintain the Board as a well-functioning, balanced team led by the Chair.

The Board is responsible for taking all major strategic decisions and also addressing any significant operational matters. In addition, the Board reviews the risk profile of the Group and ensures that an adequate system of internal control is in place. The Board has a formal schedule of matters reserved for its approval and is supported by the Audit and Remuneration Committees.

All Directors are required to devote sufficient time to carry out their role. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making.
Non-Executive Directors have a time commitment to the Company of not less than eight days per annum including the attendance of Board meetings and the Company AGM. In addition, Non-Executive Directors are expected to devote appropriate preparation time ahead of each meeting.

The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board has considered Mr Brode’s independence and, notwithstanding his shareholding in the Company and his position as a debt provider, the Board considers that Mr Brode is of independent mind in regards to his interactions with the Company. Ric Piper is considered to be independent as described on page 41. The composition and experience of the Board is shown on pages 40 to 41 of the Annual Report.

GOVERNANCE PRINCIPLE 7
Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities.

The GRCI Board has, in its opinion, an appropriate balance of sector, financial and public market skills and experience, as well as an appropriate balance of personal qualities including gender balance and capabilities to successfully execute the Group’s strategy.

The Board fully supports and funds any training, formally or otherwise, that is required by any individual Board member so as to ensure that their knowledge and experience remains relevant and effective. The Directors receive briefings at Board meetings on regulatory and other issues relevant to the Group and its business sector and may attend external courses to assist in their professional development. All Directors, the Audit Committee and Remuneration Committee are able to take independent professional advice in the furtherance of their duties, if necessary.

A summary of the skills and experience of each Board member is included in their biographies on pages 40 to 41 of the Annual Report.
GOVERNANCE PRINCIPLE 8
Promote a corporate culture that is based on ethical values and behaviours.

The Board believes that the promotion of a corporate culture based on sound ethical values and behaviours is essential to creating a workplace environment that allows people to flourish and this will contribute to enhancing shareholder value. Each Director places great importance on demonstrating ethical behaviours, both during the decision-making process, and in the implementation and communication of strategic decisions. Senior managers are also encouraged to lead by example in the promotion of ethical values and behaviours. So far as possible, we ensure that these values are visible through our recruitment process, internal communications and management style, corporate reports and external announcements.

GOVERNANCE PRINCIPLE 9
Maintain governance structures and processes that are fit for purpose and support good decision-making by the Board.

The Board meets regularly throughout the year to consider strategy, performance and the framework of internal controls. A scheduled meeting calendar is arranged as far in advance as possible, and ad hoc meetings are held in person or by telephone when it is necessary for the Board to discuss specific issues.

To enable the Board to discharge its duties, the Directors receive appropriate and timely information. A formal agenda and briefing papers are distributed to the Directors in advance of each Board meeting. The Directors have access to the advice and services of the Finance Director and Company Secretary, who is responsible for ensuring that the Board procedures are followed, and that applicable rules and regulations are complied with.

The Board reviews its governance structures regularly to ensure they are fit for purpose and will carry out a review of the terms of the Audit and Remuneration Committees during financial year 2023.
Further details on our governance structure and the role of our Board Committees are set out on pages 34 to 35.

GOVERNANCE PRINCIPLE 10
Communicate how the Company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders.

Our Group website (www.grci.group) sets out details of the Group and its activities, regulatory announcements and Company press releases, annual reports, half-year reports, notices of general meetings and information required by the AIM Rules for companies and the QCA Code. The ’Investors’ section of the Group website includes a dedicated ’Corporate Governance’ section, where our annual Corporate Governance Statements can be found (www.grci.group/corporate-governance).

Further information can also be found in the Audit Committee report on pages 42 to 44 and the Remuneration Committee report on pages 45 to 47.

BOARD OF DIRECTORS
Bringing a broad range of skills and a depth of experience

The existing Directors of GRC International Group plc are listed below. The Directors’ Report on page 46 sets out details of the Directors who served during the year ended 31 March 2023. The Board is committed to maintaining high standards of corporate governance. The Company has adopted policies and procedures which reflect the principles of the QCA’s Corporate Governance Guidelines for Smaller Quoted Companies (’QCA Code’) as appropriate to a company whose shares are admitted to trading on AIM.

ANDREW STEPHEN BRODE
NON-EXECUTIVE CHAIRMAN

APPOINTMENT TO THE BOARD
November 2012

KEY SKILLS AND EXPERIENCE
In 2012, Andrew acquired an initial shareholding in IT Governance Ltd before joining the board as a Non-Executive Director in November 2012. In 2014, he subscribed for further shares in IT Governance Ltd, increasing his shareholding to 22% (of the issued share capital of the company before admission). Andrew was appointed Non-Executive Chairman of the company in February 2018. As well as being a chartered accountant, Andrew has gained significant leadership experience on the boards of several listed companies. He was Chief Executive of Wolters Kluwer (UK) PLC between 1978 and 1990, and is currently Chairman of RWS Holdings plc and Learning Technologies Group plc. These roles, together with his extensive executive experience, ensure he is well placed to lead the board of GRC International Group PLC effectively.

PRINCIPAL EXTERNAL APPOINTMENTS
• Chairman of RWS Holdings plc
• Chairman of Learning Technologies Group plc
• Non-Executive Director of a number of private-equity-backed media companies

ALAN PHILIP CALDER
CHIEF EXECUTIVE OFFICER

APPOINTMENT TO THE BOARD
April 2002

KEY SKILLS AND EXPERIENCE
As CEO and founder of IT Governance Ltd, Alan leads the senior team and is responsible for delivering GRC International Group PLC’s strategy. Before founding IT Governance Ltd in 2002, Alan held a number of roles, including CEO of Business Link London City Partners, CEO of Focus Central London and CEO of Wide Learning, the Outsourced Training Company, and was Chairman of CEME. Alan graduated from the University of Witwatersrand in 1978 before moving to the UK. He has written a number of books about IT management, including the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (co-written with Steve Watkins), which is in its seventh edition and is the basis for the UK Open University’s postgraduate course on information security, and IT Governance – Guidelines for Directors.
CHRISTOPHER JOHN HARTSHORNE, FCCA
FINANCE DIRECTOR

APPOINTMENT TO THE BOARD
April 2017

KEY SKILLS AND EXPERIENCE
Chris spent nearly 15 years in public practice accountancy, qualifying with Deloitte before moving to PwC. He spent much of his public practice career supporting fast growth tech companies juggling organic growth, M&A, financing, and investment both on and off the public markets. He joined IT Governance Ltd in 2017 to bring that experience to an organisation where he saw significant potential and market opportunity.

RICHARD JOHN PIPER, ACA
INDEPENDENT NON-EXECUTIVE DIRECTOR

APPOINTMENT TO THE BOARD
February 2018

KEY SKILLS AND EXPERIENCE
Ric has more than 40 years’ experience as a chartered accountant, including senior finance roles at ICI, Citicorp and Logica. He was also Group Finance Director at WS Atkins plc from 1993 to 2002. Ric advises a number of businesses in the engineering and technology sectors. He was a Member of the Financial Reporting Review Panel for ten years until 2019.

PRINCIPAL EXTERNAL APPOINTMENTS
• Partner at Restoration Partners
• Non-Executive Director at Belluscura plc

AUDIT COMMITTEE REPORT

Richard John Piper ACA
Audit Committee Chair, Remuneration Committee Chair

As Chairman of the Audit Committee, I am pleased to present this report of the Audit Committee (the ’Committee’) for the year ended 31 March 2023. This report is intended to explain how the Committee has met its responsibilities. From a ’business as usual’ perspective, there is nothing to bring to your specific attention. I will be available at the Annual General Meeting (’AGM’) to respond to any questions shareholders may raise on any of the Committee’s activities.
AIMS AND OBJECTIVES
The Committee has responsibility for monitoring the integrity of the annual and interim financial statements and formal announcements relating to the Group’s financial performance, including advising the Board that the Annual Report is fair, balanced and understandable. It reviews significant financial reporting issues and accounting policies and disclosures in financial reports, the effectiveness of the Group’s internal control procedures and risk management systems and considers how the Group’s internal audit requirements shall be satisfied, making recommendations to the Board. It reviews the independent auditor’s audit strategy and implementation plan and its findings in relation to the Annual Report and Interim Financial Statements.

The main duties of the Committee are set out in its Terms of Reference which are available from the Company Secretary on application via https://www.grci.group/contact.

COMMITTEE MEMBERSHIP, MEETINGS AND ATTENDANCE

MEMBERSHIP
Throughout the year ended 31 March 2023, and since the year end to the date of this Report, the Committee comprised two Non-Executive Directors:
• Ric Piper (Chairman of the Committee and independent Non-Executive Director); and
• Andrew Brode (Chairman of the Board).

Both Andrew Brode and Ric Piper are Chartered Accountants and the Board considers them to have recent and relevant financial experience. Further information on Mr Piper and Mr Brode can be found in the Directors’ biographies on pages 40 to 41. The Board considers that the Committee as a whole has competence relevant to the sector in which the Group operates.

Meetings and attendance
The Audit Committee met twice during the year ended 31 March 2023. The Committee has met with the external auditor to agree the Audit Plan. The Chief Executive Officer and the Finance Director are also routinely invited to Committee meetings.
The attendance at the Audit Committee meetings is set out in the following table:

Andrew Brode: 2/2
Ric Piper: 2/2

Ric Piper, the Committee Chairman, and Andrew Brode, Chairman of the Board and Committee Member, each met privately with the senior statutory auditor, Tim Neathercoat, outside of the Committee meetings.

OPERATION OF THE COMMITTEE
Each year, the Committee works to a planned programme of activities which are focused on key events in the annual financial reporting cycle and other matters that are considered in accordance with its Terms of Reference. It provides oversight and guidance to contribute to the ongoing good governance of the business, particularly by providing assurance that shareholders’ interests are being properly protected by appropriate financial management, reporting and internal controls.

The main activities of the Committee in the year ended 31 March 2023 are as follows:
• Financial statements: The Committee reviewed the Annual Report. Presentations were made by management and the auditor about the key technical and judgemental matters relevant to the financial statements. Further information is provided below in the section ’Significant issues related to the financial statements’.
• Taxation: The Group operates under varied tax regimes. The completeness and valuation of provisions to cover the range of potential final determinations by the tax authorities of the Group’s tax positions are the subject of judgement. Further information is set out in note 6 to the financial statements. The provisions held by the Group were reviewed by management as at 31 March 2023. The Committee agreed with management’s assessment of the Group’s tax provisions. The Committee notes that the Group is committed to paying the correct amount of tax and receiving the correct amount of research and development tax credits and will only undertake transactions that have a genuine commercial purpose.
• Fair, balanced and understandable: The content and disclosures made in the Annual Report are subject to a verification exercise by management to ensure that no statement is misleading in the form and context in which it is included, no material facts are omitted which may make any statement of fact or opinion misleading, and implications which might be reasonably drawn from the statement are true. The Committee was satisfied that it was appropriate for the Board to approve the financial statements and that the Annual Report taken as a whole is fair, balanced and understandable such that it allows shareholders to assess the Group’s performance against the Group’s strategy and business model.
• Internal financial control systems: The Committee reviewed the observations made by the independent auditor, as part of the audit process, and management’s responses and actions. The Committee was satisfied that it was appropriate for the Board to make the statements regarding internal controls included in the Corporate Governance Statement.

As reported to the Board at its monthly meetings, compliance reviews, both of financial and operational activities, were satisfactorily completed for the Group’s International Organisation for Standardisation (’ISO’) accreditations.

Internal Audit is reported on above.

The Chairman of the Committee reported to the Board on the Committee’s activities after each meeting, identifying relevant matters requiring communication to the Board and recommendations on the steps to be taken.

SIGNIFICANT ISSUES RELATED TO THE FINANCIAL STATEMENTS
The Committee reviewed the key judgements applied to a number of significant issues in the preparation of the financial statements.
The review included consideration of the following:

Revenue recognition and recoverability of accounts receivables
The Group has well-developed accounting policies for revenue recognition – see the ’Principal accounting policies’ section in the financial statements. The Committee receives reports from management and from the independent auditor to ensure that the policies are complied with across the Group. The Board also receives regular reports on the collectability of aged accounts receivables, accrued income and deferred income, together with aged payables. On the basis of these reports, the Committee concluded that it was content with the judgements that had been made.

Intangibles: accounting
As set out in the intangibles accounting policy in the financial statements, the Group has significant unamortised intangibles including goodwill. As at 31 March 2023, the Committee agreed with the management’s recommendation on capitalisation and that no impairment charge was required. Intangibles impairment assessments (including assumptions about future performance) are carried out at least annually by management and reviewed by the Board and the Committee. Further information about the important matters of assumptions, headroom and sensitivities is provided under note 9 Goodwill on page 78.

Going concern
The Group has recorded a loss for the year of £1.2 million (2022: £1.0 million) and at 31 March 2023 its current liabilities exceeded its current assets by £4.6 million (2022: £3.2 million). Notwithstanding this, the Directors consider it appropriate to prepare the financial statements on a going concern basis. Further information is provided under Principal Accounting Policies – Going concern on page 64. The financial statements do not include the adjustments that would be required should the going concern basis of preparation no longer be appropriate.
INDEPENDENT AUDITOR
The appointment of the independent auditor is approved by shareholders annually. The independent auditor’s audit of the financial statements is conducted in accordance with International Standards on Auditing (UK) (’ISAs’), issued by the Financial Reporting Council. There are no contractual obligations that act to restrict the Committee’s choice of external auditor.

BDO LLP became the Group’s independent auditor for the financial year ended March 2019. In accordance with BDO’s policies, after five years as the Group’s senior statutory auditor, Tim Neathercoat will step down at the conclusion of the Annual General Meeting. The Board thanks Mr. Neathercoat for the high standard of his professional work for GRCI’s shareholders.

This year, having considered the effectiveness and performance of the independent auditor, the Committee has recommended to the Board the appointment of BDO LLP as independent auditor of the Company for the next financial year.

The Committee regulates the appointment of former employees of the independent auditor to positions in the Group. The independent external auditor also operates procedures designed to safeguard its objectivity and independence. These include the periodic rotation of the senior statutory auditor (as noted above), use of independent concurring partners, use of a technical review panel (where appropriate) and annual independence confirmations by all staff. The independent auditor reports to the Committee on matters including independence and non-audit work, on an annual basis.

RISK MANAGEMENT AND INTERNAL CONTROL
The Group holds weekly Executive Directors’ meetings to discuss all business matters which includes risks and risk mitigation. Depending on the nature of the risk, it is escalated to the Committee and/or Board meetings for review.
The Group’s principal risks and uncertainties and the Board’s approach to mitigation are set out on pages 26 and 27 of the Annual Report.

Services, independence and fees
The independent auditor provides the following:
• A report to the Committee giving an overview of the results and judgements and observations on the control environment.
• An opinion on the truth and fairness of the Group financial statements.

The Committee monitors the cost effectiveness of audit and any non-audit work performed by the independent auditor and also considers the potential impact, if any, of this work on independence. It recognises that certain work of a non-audit nature may be best undertaken by the independent auditor as a result of its unique position and knowledge of key areas of the Company. Approval is required, prior to the independent auditor commencing any material non-audit work, in accordance with a Group policy approved by the Committee. Certain work, such as providing bookkeeping services and taxation planning advice, is prohibited.

The Committee requires that non-audit fees do not have any material negative impact on BDO’s independence. Further, the Committee seeks positive evidence of the independence of the independent auditor through its challenge to management.

The Committee regularly reviews all fees for non-audit work paid to the independent auditor. As last year there were no fees paid to BDO LLP for non-audit work in the year ended 31 March 2023 or in the year ended 31 March 2022. The Committee will continue to keep the area of non-audit work under close review, particularly in the context of developing best practice on auditor’s independence.

EVALUATION OF THE COMMITTEE
There are no matters to report to shareholders.

APPROVAL
This report was approved by the Committee, on behalf of the Board, and signed on its behalf by:

Ric Piper
Chair of the Audit Committee
REMUNERATION COMMITTEE REPORT

On behalf of the Board, I am pleased to present the Directors’ Remuneration Report for the year ended 31 March 2023. This report is intended to explain how the Remuneration Committee (the ’Committee’) has met its responsibilities.

Whilst there is no requirement for companies quoted on AIM to produce a formal Remuneration Report, the Committee prepares this Remuneration Report for information purposes in order to give shareholders, and other users of the financial statements, greater transparency about the way in which the Directors of GRC International Group plc are remunerated. This report sets out the remuneration paid to the Directors for the year ended 31 March 2023 and sets out the remuneration policy for the forthcoming financial year and beyond.

The Committee’s Terms of Reference can be obtained from the Company Secretary on application via https://www.grci.group/contact. In exercising their roles, the Directors shall have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance.

We value the views of our shareholders and guidance issued by investor bodies. As Chair of the Committee, I will be available at the AGM to respond to any questions shareholders may raise on any of the Committee’s activities.

COMMITTEE MEMBERSHIP, MEETINGS AND ATTENDANCE

MEMBERSHIP
The Committee comprises two Non-Executive Directors:
• Ric Piper (Chairman of the Committee and independent Non-Executive Director); and
• Andrew Brode (Chairman of the Board).

The Chief Executive Officer and the Finance Director only attend meetings by invitation from the Committee. They are not present when their own remuneration is being discussed.

Meetings and attendance
The Remuneration Committee met once during the year ended 31 March 2023. The attendance at the Remuneration Committee meetings is set out in the following table.

Andrew Brode: 1/1
Ric Piper: 1/1

AIMS AND OBJECTIVES
The Committee has responsibility for determining the overall remuneration policies and practices within GRC International Group plc, taking into account applicable laws, regulations and the principles of good governance. In particular, the Committee is responsible for:
• Setting the remuneration policy for all Executive Directors;
• Approving their remuneration packages;
• Reviewing the ongoing appropriateness and relevance of the remuneration policy;
• Reviewing and approving the overall remuneration spend (fixed and variable) to ensure that evidence exists to demonstrate that awards have been adjusted where appropriate for risk and will not limit the ability to strengthen the capital base;
• Approving the design of, and determining targets for, all performance-related incentive plans operated by the Group and approving the total annual payments made under such plans; and
• Reviewing the design of all share incentive plans for approval by the Board and shareholders. For plans such as these, the Committee will make recommendations to the Board on proposals for the granting of share options, and other equity incentives, pursuant to any employee share option scheme or equity incentive plans in operation from time to time.

REMUNERATION POLICY OBJECTIVES
The main objective of the Committee is to ensure that the Company’s policy:
• Attracts, motivates and retains executives in order to deliver the Group’s strategic goals and business outputs;
• Encourages and supports a high-performance sales and service culture;
• Adheres to the principles of good corporate governance and appropriate risk management; and
• Aligns executives with the interests of shareholders and other key stakeholders.
We remain committed to a remuneration policy that rewards high individual performance to drive strong results.

BASIC SALARY
The basic salaries of the Group’s Executive Directors will be reviewed on an annual basis. The Committee seeks to establish a basic salary for each position commensurate with the individual’s responsibilities and performance, taking into account comparable salaries for similar companies of a similar size in the same market. In part to reflect his increasing responsibilities across the Group, the Committee increased Chris Hartshorne’s annual salary from £135,000 to £155,000 with effect from 1 September 2022.

DIRECTORS’ REMUNERATION
The remuneration of each of the Directors during the year ended 31 March 2023 has been audited as part of the financial statements and is set out in detail below:

Directors’ remuneration for the year ended 31 March 2023
Director | Salary and fees | All taxable benefits | Annual bonuses | Pension | Total for the year ended 2023
Andrew Brode | - | - | - | - | -
Alan Calder | 220 | - | 44 | 33 | 297
Christopher Hartshorne | 147 | - | 27 | 1 | 175
Ric Piper | 35 | - | - | - | 35

Directors’ remuneration for the year ended 31 March 2022
Director | Salary and fees | All taxable benefits | Annual bonuses | Pension | Total for the year ended 2022
Andrew Brode | - | - | - | - | -
Alan Calder | 220 | - | - | 33 | 253
Christopher Hartshorne | 135 | - | - | 1 | 136
Ric Piper | 35 | - | - | - | 35

The Executive Directors have entered into a service agreement with the Company. Each Director’s appointment will be terminable on six months’ notice given by either party and summarily by the Company in certain limited circumstances. Each Director has given certain non-compete and non-solicitation undertakings which will apply during his engagement and in respect of the period of 12 months post termination.
SHARE-BASED INCENTIVE SCHEMES
In order to align the interests of shareholders and employees following admission to AIM, the Company adopted an employee share option scheme, as further detailed in the Group’s AIM admission document which is available on the Group’s website at https://www.grci.group/investors.

Share options held at 31 March 2023 are set out below:
Option holder | Shares | Exercise price (pence per share) | Total exercise value
Chris Hartshorne (Round 1) | 315,000 | 42.85714 | £135,000
Chris Hartshorne (Round 2) | 100,000 | 25.00 | £25,000

50% of the Round 1 options held by Chris Hartshorne vested and became exercisable from the date of admission to AIM. The remaining 50% had not vested at the year end. None of these options have been exercised.

Following admission in March 2018 options were limited to a further 10% of the nominal value of the shares in issue at 6:00 p.m. (London time) on the date which is three business days following Admission. Options granted following Admission are subject to standard performance conditions, as determined and recommended by the Remuneration Committee in accordance with the plan rules.

Directors’ share interests at 31 March 2023 are set out below:
Alan Calder | 27,397,311 shares (25.41%)
Calder family (including Alan’s shares above) | 29,922,421 shares (27.75%)
Andrew Brode | 13,972,108 shares (12.96%)
Ric Piper | 319,231 shares (0.30%)
Chris Hartshorne | 11,760 shares (0.01%)

Following approval by the independent shareholders of the Company at the 2022 AGM, on the business day following AGM results 100,000 options were granted to Mr Hartshorne.

There have been no changes between 31 March 2023 and the date that this Report was signed.

Due to the market price being less than the exercise price on all options in existence there is no share based payment charge in the year.
OTHER BENEFITS
Depending on the exact terms of each individual Executive Director’s service contract with GRC International Group plc, they are entitled to a range of benefits including contributions to pension schemes.

BONUSES
As reported in last year’s Remuneration Report for FY22, on 23 June 2022 and reflecting the Executive Directors’ commitment and achievements over several challenging years, the Committee awarded discretionary bonuses of 20% of respective salary to the two executive directors, totalling £71,000. No bonuses for executive directors had been awarded in the four years of FYs 19, 20, 21 or 22. The bonuses are included in the Directors’ remuneration table in the Annual Report for FY23.

NON-EXECUTIVE DIRECTORS
The Group has two Non-Executive Directors: Andrew Brode, the Chairman and Ric Piper. Both Non-Executive Directors have letters of appointment. Initially for a three-year period from Admission to AIM in March 2018, appointments are now reviewed annually. The Non-Executive Directors’ letters of appointment do not provide specifically for any termination payments, although the Group might make payments in lieu of notice.

Non-Executive Director fees are determined by the Executive Directors, having regard to the requirement to attract high-calibre individuals with the right experience, the time requirements and the responsibilities incumbent on an individual acting as a Non-Executive Director for a company, such as GRC International Group plc, admitted to trading on AIM. The Non-Executive Directors are not eligible for annual discretionary bonuses and do not participate in the Group’s long-term incentive plans.

At his request, the Chairman does not receive a Director’s fee or other remuneration. Throughout FY23 Ric Piper received an annual fee of £35,000, paid monthly in arrears.
Subsequent to the year end, the Board (excluding Ric Piper) increased Mr Piper’s annual fee from £35,000 (as determined at Admission to AIM in 2018) to £42,500 with effect from 1 July 2023.

EVALUATION OF THE COMMITTEE
There is nothing to report to shareholders.

APPROVAL
This report was approved by the Committee, on behalf of the Board, and signed on its behalf by:

Ric Piper
Chair of the Remuneration Committee

DIRECTORS’ REPORT

The Directors present their annual report on the affairs of the Group, together with the financial statements and Auditor’s Report, for the year ended 31 March 2023. The Corporate Governance Statement set out on pages 34 and 35 forms part of this report.

There have been no significant events since the balance sheet date. An indication of likely future developments in the business of the Company is included in the Strategic Report.

Information about the use of financial instruments by the Company and its subsidiaries is given in notes 17 and 18 to the financial statements.

CAPITAL STRUCTURE AND DIVIDENDS
The Board is not proposing a dividend for the year.

Details of the authorised and issued share capital, together with details of the movements in the Company’s issued share capital during the year are shown in note 23 to the financial statements. The Company has one class of ordinary shares which carry no right to fixed income. Each share carries the right to one vote at general meetings of the Company.

There are no specific restrictions on the size of a holding nor on the transfer of shares, which are both governed by the general provisions of the Articles of Association and prevailing legislation. The Directors are not aware of any agreements between holders of the Company’s shares that may result in restrictions on the transfer of securities or on voting rights.

Details of employee share schemes are set out in note 23 to the financial statements.
DIRECTORS’ INDEMNITIES
The Company has made qualifying third-party indemnity provisions for the benefit of its Directors which were made during the year and remain in force at the date of this report.

EMPLOYEE CONSULTATION
The Group places considerable value on the involvement of its employees and has continued to keep them informed on matters affecting them as employees and on the various factors affecting the performance of the Group. This is achieved through formal and informal meetings, the Company magazine and a special edition for employees of the annual financial statements. Employee representatives are consulted regularly on a wide range of matters affecting their current and future interests.

The employee share scheme has been running successfully since its inception on 12 February 2018. Options can be granted to any employee or Director within the Group. The Board may set performance or time conditions for vesting. The option holder indemnifies the Company against income tax and national insurance. Options are normally exercisable after they have vested. In addition, all employees receive an annual bonus related to the overall profitability of the Group.

R&D ACTIVITY
Research activity is expensed through the income statement as it is incurred. At the point where all relevant recognition criteria are met the expenditure incurred on internally guaranteed intangible fixed assets, where relevant to development activity, is capitalised in line with the Group’s accounting policy.

AUDITOR
Each of the persons who is a Director at the date of approval of this Annual Report confirms that:
• so far as the Director is aware, there is no relevant audit information of which the Group’s auditor is unaware; and
• the Director has taken all the steps that he/she ought to have taken as a Director in order to make himself/herself aware of any relevant audit information and to establish that the Group’s auditor is aware of that information.
No person has any special rights of control over the Company’s share capital and all issued shares are fully paid.

The Directors’ Report was approved by the Board of Directors and signed on its behalf.

With regard to the appointment and replacement of Directors, the Company is governed by its Articles of Association, the Companies Act 2006 and related legislation. The Articles themselves may be amended by special resolution of the shareholders. The powers of Directors are described in the Main Board Terms of Reference, copies of which are available on request, and the Corporate Governance Statement on pages 34 and 35.

Under its Articles of Association, the Company has authority to issue up to 10% of issued share capital.

Directors
The Directors, who served throughout the year, are as follows:
• Andrew Brode – Non-Executive Chairman
• Alan Calder – Chief Executive Officer
• Christopher Hartshorne – Finance Director
• Ric Piper – Independent Non-Executive Director

Alan Calder
Director
4 September 2023

STATEMENT OF DIRECTORS’ RESPONSIBILITIES

The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position of the Company, and enable them to ensure that the financial statements comply with the requirements of the Companies Act 2006. They are also responsible for safeguarding the assets of the Group, and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities.

The Directors are responsible for ensuring the Annual Report and the financial statements are made available on a website. Financial statements are published on the Group’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions.
The maintenance and integrity of the Group’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the ongoing integrity of the financial statements contained therein.

The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations.

Company law requires the Directors to prepare financial statements for each financial period. Under that law the Directors have elected to prepare the Group’s Consolidated Financial Statements in accordance with UK adopted international accounting standards and the Company’s Financial Statements in accordance with United Kingdom generally accepted accounting practice (United Kingdom accounting standards and applicable law). Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Company and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM.

In preparing these financial statements, the Directors are required to:
• select suitable accounting policies and then apply them consistently;
• make judgements and accounting estimates that are reasonable and prudent;
• state whether they have been prepared in accordance with IFRS subject to any material departures disclosed and explained in the financial statements; and
• prepare the financial statements on a going concern basis unless it is inappropriate to presume that the Group will continue in business.
Financial Statement

IN THIS SECTION
Independent Auditor’s Report
Consolidated Income Statement
Consolidated Statement of Comprehensive Income
Consolidated Balance Sheet
Consolidated Statement of Changes in Equity
Consolidated Statement of Cash Flows
Nature of Operations and General Information
Notes to the Financial Statements
Company Balance Sheet
Company Statement of Changes in Equity
Notes to the Company Financial Statements

INDEPENDENT AUDITOR’S REPORT TO THE MEMBERS OF GRC INTERNATIONAL GROUP PLC

OPINION ON THE FINANCIAL STATEMENTS
In our opinion:
• the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 March 2023 and of the Group’s loss for the year then ended;
• the Group financial statements have been properly prepared in accordance with UK adopted International Accounting Standards;
• the Parent Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and
• the financial statements have been prepared in accordance with the requirements of the Companies Act 2006.

We have audited the financial statements of GRC International Group plc (the ‘Parent Company’) and its subsidiaries (the ‘Group’) for the year ended 31 March 2023 which comprise the Consolidated Income Statement, the Consolidated Statement of Comprehensive Income, the Consolidated Balance Sheet, the Consolidated Statement of Changes in Equity, the Consolidated Statement of Cash Flows, the Company Balance Sheet, the Company Statement of Changes in Equity and notes to the financial statements, including a summary of significant accounting policies.
The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and UK adopted International Accounting Standards. The financial reporting framework that has been applied in the preparation of the Parent Company financial statements is applicable law and United Kingdom Accounting Standards, including Financial Reporting Standard 101 Reduced Disclosure Framework (United Kingdom Generally Accepted Accounting Practice).

OVERVIEW
Coverage:
• 91% (2022: 74%) of Group profit before tax
• 99% (2022: 82%) of Group revenue
• 93% (2022: 90%) of Group total assets
Key audit matters:
• Going concern
• Impairment of goodwill and intangible assets
• Revenue recognition

BASIS FOR OPINION
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

INDEPENDENCE
We remain independent of the Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

CONCLUSIONS RELATING TO GOING CONCERN
In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Our evaluation of the Directors’ assessment of the Group and the Company’s ability to continue to adopt the going concern basis of accounting is set out in the key audit matters section of this report below.
Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on the Group and the Company’s ability to continue as a going concern for a period of at least twelve months from when the financial statements are authorised for issue.

Our responsibilities and the responsibilities of the Directors with respect to going concern are described in the relevant sections of this report.

2023 2022 4 4 4 ✖ 4 4

Materiality
Group financial statements as a whole £235K (2022: £222K) based on 1.6% (2022: 1.6%) of group revenue.

AN OVERVIEW OF THE SCOPE OF OUR AUDIT
Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements. We also addressed the risk of management override of internal controls, including assessing whether there was evidence of bias by the Directors that may have represented a risk of material misstatement.

All full scope audit work and targeted procedures were performed by the Group engagement team and, as such, there was no involvement of other auditors in the audit of the Group’s financial statements.

Including the Company, we identified 3 group companies as being significant components, and performed full scope audits on these components. We conducted further targeted procedures on balances in six other group companies. We subjected all other non-significant components to limited scope analytical procedures.
KEY AUDIT MATTERS
Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified, including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

GOING CONCERN

Key Audit Matter
The Group’s going concern assessment is disclosed on page 64.

How the scope of our audit addressed the key audit matter
We considered going concern to be a significant area in our audit due to the following main factors:
• Group has recurring operating losses, recording a loss of £1.3m for the year (2022: £1m)
• Group’s current liabilities exceeded its current assets by £4.6m (2022: £3.2m)
• Low cash reserves of £139k (2022: 2.1m) at the year ended 31 March 2023

The Directors have prepared the Group and Parent Company financial statements on a going concern basis.

We identified a significant risk that the going concern assessment made by the directors may not be accurately disclosed or that the assessment itself is not balanced in how it portrays the risks relating to the generation of future operating and financing cash flows.
Our evaluation of the Directors’ assessment of the Group and the Parent Company’s ability to continue to adopt the going concern basis of accounting for the period of 12 months from approval of the Group financial statements included:
• An examination of the terms of the Group’s borrowing arrangements and repayment plans for HMRC liabilities, comparing the repayment terms to the Group’s projected cash flows;
• A critical assessment of the Directors’ financial forecasts and the underlying key assumptions, including operating and capital expenditure, forecast income and working capital balances. In doing so, we considered factors such as whether the forecast operating expenditure is reasonable in light of historic levels of expenditure and reliability of revenue forecasting by reference to historic revenue generation run rates in recent months, and industry growth rates;
• Consideration of the impact of the low growth scenario prepared by the Directors on the Group’s ability to generate profits from future trading and on its forecast cash position;
• A mechanical check of the mathematical accuracy of the going concern model prepared by the Directors and the underlying calculations used within it;
• Obtaining information concerning the working capital position as at the last practical date for which information was available post year end and comparing this to the amounts assumed as at that date in the forecast trading scenarios;
• Obtaining and evaluating facility letters confirming the availability of the unsecured loan facility and invoicing discounting facility; and
• An evaluation of the adequacy of disclosure made in the financial statements in respect of going concern, against the requirements of accounting standards and assessing whether information that is material to the Directors’ going concern assessment has been disclosed.

Key observations
See the Conclusions relating to going concern section of this report above.
The disclosures are appropriate and adequately explain the Directors’ considerations relating to going concern.

IMPAIRMENT OF GOODWILL AND INTANGIBLE ASSETS

Key Audit Matter
The Group’s accounting policy for impairment is disclosed on page 67. Further detail concerning the Group’s impairment testing is disclosed in note 9. Information relating to the judgements and estimates is set out on page 72.

In accordance with IAS 36 Impairment of Assets, goodwill is tested for impairment annually. The Group’s goodwill balance is included in the DQM cash generating unit (“CGU”), along with acquired finite-lived intangible assets.

Management performed an impairment test on a value in use basis which requires significant management judgement over the timing and degree of certainty attaching to forecast net cash flows and the rate at which those future cash flows should be discounted to present value.

The degree of management judgement involved and the high sensitivity of the conclusion to changes in key assumptions was the reason we assessed this area to be significant in our audit.

How the scope of our audit addressed the key audit matter
Our work on the impairment test prepared by management had a dual focus: firstly, to check the model was mechanically accurate and prepared in accordance with the detailed requirements of IAS 36 and secondly, to check that the assumptions regarding future cash flows and the rate at which they had been discounted were appropriate to the CGU’s circumstances.
We did this by:
• Analysing industry growth forecasts and comparing that information to the impairment test growth forecasts;
• Comparing historic performance with future budgeted performance;
• Obtaining and comparing post year end trading and current pipeline of customer activity to that forecast;
• Making enquiries of management at group and CGU level to identify any unusual factors in the impairment test forecasts or matters which may impact on the suitability of related assumptions, such as the discount rate;
• Assessing with the assistance of our valuations experts the composition of the discount rate used; and
• Recalculating the impairment test sensitivities prepared by management and checking that these are appropriate and adequately disclosed in note 9.

We used internal valuations experts in order to assist with our interrogation of the accuracy and technical operation of the impairment testing model.

Key observations
We consider that the judgements and estimates made by management are within an acceptable range and that the overall conclusion the Directors have reached and the disclosures provided, that no impairment has arisen, is reasonable.

The disclosures adequately explain the sensitivities and the impact that different, reasonable judgements in relation to DQM’s future cash flows and discount rate could have on the impairment calculations.

REVENUE RECOGNITION

Key Audit Matter
The Group’s accounting policy for revenue recognition is disclosed on page 65 and 66 and the financial statements disclose further detail concerning the Group’s revenues in note 2.
We considered that a significant risk of material misstatement existed in relation to the possibility of overstatement of revenue; we assessed the audit risk for each revenue stream and identified that the significant risk existed in consultancy and software revenue streams:
• There is a significant risk associated with the consultancy stream, which presents itself in the ongoing projects where there is a revenue deferral element. We have considered that revenue overstatement may have arisen predominantly through under-deferral of consultancy revenues invoiced pre year end but earned post year end because of the nature of the Group’s contracts and invoicing arrangements.
• There is a significant risk associated with the software revenue stream specific to the accounting and recognition of revenue in relation to bundled sales because of the presence of inherent risk that prices and discounts associated with the bundled services are not applied appropriately to each service bundled leading to revenues being overstated.

How the scope of our audit addressed the key audit matter
Our procedures across revenues as a whole included an assessment of the compliance of the Group’s applied accounting policies to the requirements of IFRS 15 Revenue from Contracts with Customers and testing a sample of invoices to supporting documentation including contracts, records of delivery or of performance of services, from sources outside the Group or from systems independent of the Group’s accounting systems. This enabled us to check that the Group’s accounting policies were not designed in such a way that revenues may be recorded in advance of the Group meeting its performance obligations.
For consultancy revenue streams, we have checked that the revenue and deferred income split is performed accurately for the ongoing projects and revenues have been deferred appropriately by inspection of documentation confirming the occurrence of the transaction, based on a representative sample of revenues invoiced pre-year end and post-year end.

For the software revenue stream, based on a representative sample, we have checked that the prices and discounts have been applied to the bundled sales appropriately in line with the contracts with customers in place and associated revenue is recognised for each service offered in line with the applicable revenue recognition policy.

Using data interrogation software, we have determined the accounts to which the contra revenue journals posted. This enabled us to identify whether there are any unexpected postings.

On a sample basis, we have agreed journal entries posted to revenue to source documents, which enabled us to check that entries recorded in revenue arose from transactions that existed.

Key observations
Nothing has come to our attention as a result of performing the above procedures that causes us to believe that revenues have been overstated or recorded in the incorrect period.

OUR APPLICATION OF MATERIALITY
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements.

In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed.
Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole.

Based on our professional judgement, we determined materiality for the financial statements as a whole and performance materiality as follows:

Materiality (£’000)
• Group financial statements: 235 (2023), 222 (2022)
• Parent company financial statements: 176 (2023), 166 (2022)

Basis for determining materiality
• Group financial statements: Set based on 1.6% of revenue
• Parent company financial statements: 75% of group materiality

Rationale for the benchmark applied
• Group financial statements: We considered revenue to be the most appropriate performance measure as it reflects the volume of business undertaken by the Group, which is a key measure of performance for the Group at this stage in its life cycle.
• Parent company financial statements: Calculated as a percentage of Group materiality given the assessment of aggregation risk.

Performance materiality (£’000)
• Group financial statements: 137 (2023), 138 (2022)
• Parent company financial statements: 102 (2023), 103 (2022)

Basis for determining performance materiality
Set based on 58% (2022: 62%) of materiality following evaluation of the expected total value of known and likely misstatements, management’s attitude to proposed adjustments, and the nature of our planned testing.

COMPONENT MATERIALITY
For the purposes of our Group audit opinion, we set materiality for each significant component of the Group, based on a percentage of between 14% and 75% (2022: 17% and 75%) of Group materiality dependent on the size and our assessment of the risk of material misstatement of that component. Component materiality ranged from £32,000 to £176,000 (2022: £37,000 to £166,000). In the audit of each component, we further applied performance materiality levels of 58% (2022: 62%) of the component materiality to our testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated.
REPORTING THRESHOLD
We agreed with the Audit Committee that we would report to them all individual audit differences in excess of £5,800 (2022: £5,500). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds.

OTHER INFORMATION
The directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact.

We have nothing to report in this regard.

OTHER COMPANIES ACT 2006 REPORTING
Based on the responsibilities described below and our work performed during the course of the audit, we are required by the Companies Act 2006 and ISAs (UK) to report on certain opinions and matters as described below.
Strategic report and Directors’ report
In our opinion, based on the work undertaken in the course of the audit:
• the information given in the Strategic report and the Directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and
• the Strategic report and the Directors’ report have been prepared in accordance with applicable legal requirements.

In the light of the knowledge and understanding of the Group and Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the Directors’ report.

Matters on which we are required to report by exception
We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion:
• adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been received from branches not visited by us; or
• the Parent Company financial statements are not in agreement with the accounting records and returns; or
• certain disclosures of Directors’ remuneration specified by law are not made; or
• we have not received all the information and explanations we require for our audit.

RESPONSIBILITIES OF DIRECTORS
As explained more fully in the Statement of Directors’ Responsibilities the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so.

AUDITOR’S RESPONSIBILITIES FOR THE AUDIT OF THE FINANCIAL STATEMENTS
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

EXTENT TO WHICH THE AUDIT WAS CAPABLE OF DETECTING IRREGULARITIES, INCLUDING FRAUD
Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud.
The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below:

NON-COMPLIANCE WITH LAWS AND REGULATIONS
Based on:
• Our understanding of the legal and regulatory frameworks that are applicable to GRC International plc and the industry in which it operates;
• Discussion with management and those charged with governance and the Audit Committee; and
• Obtaining an understanding of the Group’s policies and procedures regarding compliance with laws and regulations;

we considered that the most significant laws and regulations which are directly relevant to specific assertions in the financial statements are those related to the reporting framework (UK adopted International Accounting Standards and the Companies Act 2006), labour regulations and taxation in the United Kingdom.

Our procedures in respect of the legal and regulatory compliance included:
• Review of minutes of meetings of those charged with governance for any instances of non-compliance with laws and regulations;
• Review of correspondence with regulatory and tax authorities for any instances of non-compliance with laws and regulations;
• Review of financial statement disclosures and agreeing to supporting documentation;
• Review of legal expenditure accounts to understand the nature of expenditure incurred.

FRAUD
We assessed the susceptibility of the financial statements to material misstatement, including fraud. Our risk assessment procedures included:
• Enquiry with management and those charged with governance, and the Audit Committee regarding any known or suspected instances of fraud;
• Obtaining an understanding of the Group’s policies and procedures relating to:
  • Detecting and responding to the risks of fraud; and
  • Internal controls established to mitigate risks related to fraud.
• Obtaining an understanding of how senior management monitors those procedures and controls;
• Considering potential fraud drivers including financial or other pressures, opportunity, and personal or corporate motivations;
• Review of minutes of meeting of those charged with governance for any known or suspected instances of fraud;
• Discussion amongst the engagement team as to how and where fraud might occur in the financial statements; and
• Performing analytical procedures to identify any unusual or unexpected relationships that may indicate risks of material misstatement due to fraud.

Based on our risk assessment, we have identified fraud risks associated with management override of controls, revenue recognition as indicated in the KAM section of this report and intangible asset capitalisation.

Our procedures in respect of the above included:
• Testing a sample of journal entries throughout the year using data interrogation tools to identify accounting entries which we considered were indicative of management override. We corroborated such journals to supporting documentation. We also reviewed the consolidation journals and other adjustments made in the preparation of the financial statements to check these were in line with our expectation of journals required on consolidation.
• Performing audit procedures in relation to the occurrence of revenue and the timing and accuracy of revenue recognition.
• We also challenged assumptions made by management in key areas of estimation uncertainty or judgement, for example in the Group’s testing of goodwill (see key audit matters above) and intangible asset impairment and intangible asset capitalisation.
• Assessing capitalisation of expenditure by testing a sample of capitalised items, performing a review of income statement accounts which may include capital items and testing a sample of capitalisation journals.
We also communicated relevant identified laws and regulations and potential fraud risks to all engagement team members and remained alert to any indications of fraud or non-compliance with laws and regulations throughout the audit.

Our audit procedures were designed to respond to risks of material misstatement in the financial statements, recognising that the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by, for example, forgery, misrepresentations or through collusion. There are inherent limitations in the audit procedures performed and the further removed non-compliance with laws and regulations is from the events and transactions reflected in the financial statements, the less likely we are to become aware of it.

A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report.

USE OF OUR REPORT
This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Parent Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this report, or for the opinions we have formed.
Tim Neathercoat (Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
London, UK
4 September 2023

BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127).

CONSOLIDATED INCOME STATEMENT
FOR THE YEAR ENDED 31 MARCH

| | 2023 £’000 | 2022 £’000 |
|---|---|---|
| Revenue | 14,660 | 13,902 |
| Cost of sales | (5,783) | (5,698) |
| Gross profit | 8,877 | 8,204 |
| Administrative expenses | (10,423) | (9,141) |
| Other operating income | 121 | 240 |
| Operating loss | (1,425) | (697) |
| Net finance costs | (190) | (304) |
| Share of post-tax loss of equity-accounted joint ventures | – | (2) |
| Loss before taxation | (1,615) | (1,003) |
| Taxation | 365 | 6 |
| Loss for the financial year | (1,250) | (997) |
| Loss for the financial year attributable to: | | |
| Equity shareholders of the parent | (1,250) | (997) |
| Basic loss per share (pence) | (1.16) | (0.98) |
| Diluted loss per share (pence) | (1.16) | (0.98) |

Notes: 2 3 3 5 6 7 7

All of the Group’s loss relates to continuing operations.

The accompanying accounting policies and notes form an integral part of these financial statements.

CONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME
FOR THE YEAR ENDED 31 MARCH

| | 2023 £’000 | 2022 £’000 |
|---|---|---|
| Loss for the year | (1,250) | (997) |
| Other comprehensive loss – items that may subsequently be reclassified to profit/loss: | | |
| Exchange differences on translation of foreign operations | (21) | (1) |
| Other comprehensive loss for the financial year | (21) | (1) |
| Total comprehensive loss for the financial year | (1,271) | (998) |
| Total comprehensive loss attributable to equity shareholders of the parent | (1,271) | (998) |

The accompanying accounting policies and notes form an integral part of these financial statements.

CONSOLIDATED BALANCE SHEET
AS AT 31 MARCH

| | 2023 £’000 | 2022 £’000 |
|---|---|---|
| Assets | | |
| Non-current assets | | |
| Goodwill | 6,804 | 6,804 |
| Intangible assets | 5,616 | 5,630 |
| Property, plant and equipment | 248 | 325 |
| Investments in equity-accounted joint ventures | 17 | 17 |
| | 12,685 | 12,776 |
| Current assets | | |
| Trade and other receivables | 1,611 | 1,612 |
| Current tax | 37 | – |
| Cash at bank | 139 | 2,099 |
| | 1,787 | 3,711 |
| Current liabilities | | |
| Trade and other payables | (5,291) | (5,935) |
| Borrowings | (1,074) | (722) |
| Lease liabilities | (58) | (117) |
| Current tax | – | (127) |
| | (6,423) | (6,901) |
| Net current liabilities | (4,636) | (3,190) |
| Non-current liabilities | | |
| Trade and other payables | (8) | (73) |
| Borrowings | (215) | (329) |
| Lease liabilities | (95) | (145) |
| Deferred tax liability | (301) | (338) |
| | (619) | (885) |
| Net assets | 7,430 | 8,701 |
| Equity | | |
| Share capital | 108 | 108 |
| Share premium | 16,012 | 16,012 |
| Merger reserve | 4,276 | 4,276 |
| Share-based payment reserve | 126 | 126 |
| Translation reserve | (30) | (9) |
| Accumulated deficit | (13,062) | (11,812) |
| Total equity | 7,430 | 8,701 |

Notes: 9 10 11 13 14 15 16 20 6 15 16 20 6 21 22

The financial statements were approved by the Board of Directors and authorised for issue on 4 September 2023 and were signed on its behalf by:

Chris Hartshorne
Director

Company registration number: 11036180

The accompanying accounting policies and notes form an integral part of these financial statements.
CONSOLIDATED STATEMENT OF CHANGES IN EQUITY
FOR THE YEAR ENDED 31 MARCH

For the year ended 31 March 2023

| | Share capital £’000 | Share premium £’000 | Merger reserve £’000 | Share-based payment reserve £’000 | Retained deficit £’000 | Translation reserve £’000 | Total £’000 |
|---|---|---|---|---|---|---|---|
| Balance at 1 April 2022 | 108 | 16,012 | 4,276 | 126 | (11,812) | (9) | 8,701 |
| Loss for the year | – | – | – | – | (1,250) | – | (1,250) |
| Foreign exchange difference on consolidation | – | – | – | – | – | (21) | (21) |
| Total comprehensive loss for the year | – | – | – | – | (1,250) | (21) | (1,271) |
| At 31 March 2023 | 108 | 16,012 | 4,276 | 126 | (13,062) | (30) | 7,430 |

For the year ended 31 March 2022

| | Share capital £’000 | Share premium £’000 | Merger reserve £’000 | Share-based payment reserve £’000 | Retained deficit £’000 | Translation reserve £’000 | Total £’000 |
|---|---|---|---|---|---|---|---|
| Balance at 1 April 2021 | 100 | 13,227 | 4,276 | 126 | (10,815) | (8) | 6,906 |
| Loss for the year | – | – | – | – | (997) | – | (997) |
| Foreign exchange difference on consolidation | – | – | – | – | – | (1) | (1) |
| Total comprehensive loss for the year | – | – | – | – | (997) | (1) | (998) |
| Shares issued | 8 | 2,992 | – | – | – | – | 3,000 |
| Cost of share issue | – | (207) | – | – | – | – | (207) |
| Transactions with owners | 8 | 2,785 | – | – | – | – | 2,793 |
| At 31 March 2022 | 108 | 16,012 | 4,276 | 126 | (11,812) | (9) | 8,701 |

The accompanying accounting policies and notes form an integral part of these financial statements.

CONSOLIDATED STATEMENT OF CASH FLOWS
FOR THE YEAR ENDED 31 MARCH

| | 2023 £’000 | 2022 £’000 |
|---|---|---|
| Cash flows from operating activities | | |
| Loss for the year | (1,250) | (997) |
| Adjustments for: | | |
| Depreciation of plant and equipment | 37 | 91 |
| Amortisation of right of use assets | 95 | 143 |
| Amortisation of intangible fixed assets | 1,523 | 1,367 |
| Loss on disposal of fixed assets | – | 50 |
| Foreign exchange loss | 2 | 18 |
| Share of post-tax loss of equity-accounted joint ventures | – | 2 |
| Finance expenses | 190 | 304 |
| Income tax credit | (365) | (6) |
| | 232 | 972 |
| Decrease in inventories | – | 33 |
| Decrease in trade and other receivables | 9 | 83 |
| (Decrease)/increase in trade and other payables | (750) | 28 |
| | (509) | 1,116 |
| Income tax refund | 163 | 5 |
| Net cash (outflow)/inflow from operating activities | (346) | 1,121 |
| Investing activities | | |
| Purchase of intangible assets | (1,506) | (1,231) |
| Purchase of plant and equipment | (50) | (47) |
| Acquisition of joint venture investment | – | (13) |
| Net cash outflow from investing activities | (1,556) | (1,291) |
| Financing activities | | |
| Proceeds from issue of shares | – | 3,000 |
| Costs of share issue | – | (207) |
| Proceeds from borrowings | 875 | 546 |
| Repayment of borrowings | (658) | (836) |
| Interest paid | (155) | (245) |
| Interest on lease liability on right-of-use assets | (14) | (69) |
| Payments of lease liabilities on right-of-use assets | (109) | (155) |
| Net cash (outflow)/inflow from financing activities | (61) | 2,034 |
| Net (decrease)/increase in cash and cash equivalents | (1,963) | 1,864 |
| Cash and cash equivalents at beginning of financial year | 2,099 | 233 |
| Effects of exchange rate changes on cash and cash equivalents | 3 | 2 |
| Cash and cash equivalents at end of financial year | 139 | 2,099 |
| Comprising | | |
| Cash at bank | 139 | 2,099 |

Notes: 10 22 16 16 14

The accompanying accounting policies and notes form an integral part of the financial statements.
NATURE OF OPERATIONS AND GENERAL INFORMATION
GRC International Group plc (GRC International Group or ‘the Company’) is a public limited company limited by shares, incorporated and domiciled in England and Wales. The registered company number is 11036180 and the registered office is Unit 3 Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA.

During the COVID-19 pandemic the Group accumulated PAYE and VAT arrears of £1.7m as part of its response to the unprecedented trading environment, in respect of which it has formally agreed repayment plans with HMRC and £1.4m had been repaid at the balance sheet date, with the remaining £0.3m to be paid through FY24.

The principal activities of GRC International Group plc and its subsidiary companies (together, the ‘Group’) are those of a one-stop shop for IT Governance including books, tools, learning and consultancy services.

The Directors of GRC International Group are responsible for the financial information and contents of the consolidated financial statements.

PRINCIPAL ACCOUNTING POLICIES

Basis of preparation
The consolidated financial statements of GRC International Group plc and entities controlled by the Company (its subsidiaries) for the years presented have been prepared in accordance with UK-adopted international accounting standards. The consolidated financial statements have been prepared on a historical cost basis.

Basis of consolidation
The results for the year ended 31 March 2023 and 31 March 2022 include the results of GRC International Group plc and its subsidiaries. A subsidiary is a company controlled directly by the Group. Control is achieved where the Group has the power over the investee, rights to variable returns and the ability to use the power to affect the investee’s returns.
Income and expenses of subsidiaries acquired during the year are included in the Consolidated Income Statement from the effective date of control. When necessary, adjustments are made to the financial statements of subsidiaries to bring their accounting policies into line with those used by the Group. All intra-Group transactions, balances, income and expenses are eliminated in full on consolidation.

The principal accounting policies adopted are set out below. These accounting policies comply with each IFRS that is mandatory for accounting periods ending on 31 March 2023.

Going concern
The financial statements have been prepared on a going concern basis. The Group has recorded a loss for the year of £1.3m (2022: £1.0m) and as at 31 March 2023 its current liabilities exceeded its current assets by £4.8m (2022: £3.2m).

The Group has been through a transitionary period, pivoting the business from a predominantly consulting and training business to a more comprehensive cyber security ‘defence in depth’ business, still incorporating consultancy and training products but increasingly focused on platform-based technology services sold on subscription or retainer style contracts. This transition was significantly impacted by the COVID-19 pandemic in FY21 and, to a much lesser extent, by the macro-economic and political uncertainty through the current year Q3 (calendar Q4 of 2022), with positive momentum and revenue growth returning in Q4. The Group has now delivered two consecutive EBITDA positive trading years, being FY22 and FY23, and the positive momentum seen through Q4 FY23 has continued into FY24.

The Directors have prepared an integrated income statement, balance sheet and cash flow forecast by month which runs to 31 March 2025.
For the purposes of Management’s assessment of going concern a shortened period to 12 months from approval of the Group financial statements to 30 September 2024 has been used by Management for their assessment (“the going concern review period”). Additionally, the Directors have prepared a sensitised forecast with lower than expected revenues and appropriate cost reduction measures. The revenues in the sensitised forecast are 15% lower than the Group’s base case forecast in FY24 and 22% lower in FY25, representing a 2% reduction in FY24 against the current year revenue achieved and only 3% year on year growth to FY25. Both the forecast and the sensitised forecast show the Group operating within facilities already available to the Group through the going concern review period to 30 September 2024 and include the Group’s fixed commitments in terms of settlement of HMRC liabilities, borrowings, and lease liabilities.

The Directors note that the Group has good forward visibility of revenue, with 73% of FY23 revenue coming from recurring revenue products, and consultancy projects typically scheduled 1 to 3 months in advance giving Management clear visibility to structure an affordable cost base and programme for capital expenditure through the going concern review period. Further comfort is drawn from the Group’s track record of trading successfully through volatile and uncertain trading conditions, demonstrating the ability to adjust the cost base appropriately and manage cash.

The Directors have reviewed the Group’s going concern forecasts and projections to 30 September 2024 which, taking account of reasonably possible changes in trading performance, show that the Group is able to generate sufficient liquidity to continue in operational existence for the foreseeable future. Specifically, the forecasts include estimates for the impact of inflation.
To the extent that these estimates turn out to be insufficient in the current climate the Directors are confident that there is sufficient flexibility in discretional or uncommitted capital spend to absorb unexpected cost increases or cash outflows resulting from the current macro-economic climate.

On this basis the Directors believe that the Group will be able to generate sufficient cash through its normal business trading and there is sufficient flexibility in its ongoing cost base and capital expenditure spend to enable it to continue to meet its liabilities as they fall due during the going concern review period. In making this assessment the Directors have assessed the maturity of the Group’s liabilities, which at 31 March 2023 were comprised of the amounts set out in note 16. Consideration has also been given to the aging and recoverability of the Group’s receivables, the continuance through the going concern review period of facilities provided by Mr Andrew Brode (refer to note 24) and the access to additional liquidity via undrawn available facilities in excess of £0.5m comprising; undrawn and committed facilities from Mr Andrew Brode (refer to note 24) and available invoice discounting facilities within DQM.

For this reason, the Directors continue to adopt the going concern basis in the preparation of its financial statements.

Revenue
The type of products and range of services sold across the Group fall within the following four revenue streams:
• Consultancy
• Publishing/Distribution
• Learning
• Software

To determine whether to recognise revenue, the Group follows a five-step process:
1. identifying the contract with a customer;
2. identifying the performance obligations;
3. determining the transaction price;
4. allocating the transaction price to the performance obligations; and
5. recognising revenue when/as performance obligation(s) are satisfied.
Revenue is recognised either at a point in time or over time, when the Group satisfies performance obligations by transferring the promised goods or services to its customer.

The Group often enters into transactions involving a range of the Group’s products and services, for example for the delivery of consultancy, training, software and related after-sales service. In all cases, the total transaction price for a contract is allocated net of discounts amongst the various performance obligations based on their relative stand-alone selling prices. The transaction price for a contract excludes any amounts collected on behalf of third parties.

The Group recognises contract liabilities for consideration received in respect of unsatisfied performance obligations and reports these amounts as deferred income in the statement of financial position. Similarly, if the Group satisfies a performance obligation before it receives the consideration, the Group recognises either a contract asset or a receivable in its statement of financial position, depending on whether something other than the passage of time is required before the consideration is due. In practice, contract assets rarely arise due to the timing of invoices raised under the terms of the Group’s contracts.

All material contracts which span a financial reporting period will be reviewed on an individual basis with the five-step application of IFRS 15 applied, based upon the type of product sold. Customer rights to refunds are limited and are not considered material to the financial statements.

Products and services: nature, timing of satisfaction of performance obligations and significant payment terms

CONSULTANCY
On-site and remote support consulting services, helping organisations to design and implement data protection and cyber security policies and procedures.
The Group recognises revenue over time as the services in the contract are performed, generally based on the consultants’ estimates of the progress of the work. Revenue from consultancy services which are either a performance obligation within a larger arrangement or are sold on a stand-alone basis is generally recognised over time where the Group agrees to provide labour hours/days. Contracts state a broad list of activities that the services may include. The contracts state daily/hourly rates and estimated amounts to be billed. Contracts state that the Group will not exceed the total amount without prior written approval. Where the performance obligations within an agreement are considered to represent services that are substantially the same, these will form a single performance obligation with labour days/hours representing the progress measure. Several contracts define the only obligation as support for customer-led projects, and again in these cases it will be considered that there is one performance obligation with labour hours being the progress measure. Revenue is recognised over time, when a) the Group’s performance does not create an asset with an alternative use to the Group and b) the entity has an enforceable right for performance completed to date. This is true for all services provided on a time basis.

PUBLISHING/DISTRIBUTION
The Group sells books, documentation templates and software via its websites, both that it publishes or writes itself, and also supplied by third parties. The Group also creates and sells sets of documentation templates that are used by customers to assist them to document IT systems and procedures.

The Group recognises revenue at the point in time when control of the asset is transferred to the customer. The product becomes under the control of the customer when the book/software/toolkit is delivered to them. This is when the customer has legal title to the asset or has physical possession of the asset.
For the sale of physical soft copy books and CD-ROMs, revenue is recognised when the goods are delivered. For the sale of downloadable books, revenue is recognised when the goods are made available to download by the customer. Where a product with a subscription or licence is sold on behalf of a third party the revenue is recognised straight away as the Group has completed its performance obligation. The full cost of the product sold by the Group in respect of a third-party sale is charged to the Income Statement when the revenue is recognised.

LEARNING
The Group sells ‘in person’ classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. The courses range from one to five days in length and are held at hired premises. The Group also provides courses at customers’ premises for organisations that require training for a number of their employees. The courses are aimed at various different areas of IT governance and at different skill levels.

Revenue is recognised on ‘Classroom Based Training Courses’ and ‘Online Training Courses’ over the duration of the Training Course.

Revenue is recognised on ‘Distance Learning Based Training Courses,’ when the customer gains control of the course material, at the date the online course is made available to them. Once the course is made available the Group has fulfilled its contractual obligation to deliver. The date the user accesses and uses the course is not considered relevant.

Revenue is recognised on ‘e-Learning Courses’ dependent on the type of service provided. ‘e-Learning’ is split into four types:
• e-Learning Hosting Services – An additional annual fee for LMS (Learning Management System) hosting of the e-learning courses. Customers are not obliged to but can buy our standard ‘off-the-shelf’ ‘Hosting’ area. All hosted client courses will be hosted on our LMS. Each client will be given their own space, which can be branded with their logo and company colours. The e-learning course files hosted on our LMS will be the same for all clients, and each client will have a space in the course layout to add any extra information they need, such as documents, links and contact details. Revenue is recognised on ‘e-Learning Hosting Services’ over time as the customer has access to the hosting area. Revenue is then pro-rated equally over the period (normally 12 months) to which the service relates.
• Revenue is recognised on ‘e-Learning Courses’ when the customer obtains control. The course becomes under the control of the customer when the online course is made available to access.
• e-Learning Set Up Costs – Organisations/customers can contract the Group to ‘customise’ the e-learning courses to their organisation’s specifications (i.e. company logo/branding etc.). Revenue is recognised on ‘e-Learning Set Up Costs’ when the customer obtains control of the course material. The product becomes under the control of the customer when the online courses are made available to access.
• e-Learning Training – Organisations/customers can contract the Group to provide training for the e-learning courses. This is a one-off fee and the Training is a pre-agreed number of hours or days as requested by the customer. Revenue is recognised on ‘e-Learning Training’ when the customer gains control. The product comes under the control of the customer on the first day of the Training Course.

SOFTWARE
The Group creates and sells software solutions. Maintenance and Support (‘M&S’) arrangements are usually sold on a stand-alone basis as a renewal of an existing arrangement usually running over a 12-month period. Generally, the first time M&S is sold is when the customer initially buys the software. There are no material rights to consider in connection with renewal options.

Revenue from the sale of software for a fixed fee is recognised when or as the Group gives access to the customer to download the software.

Software revenue recognition:
• Performance obligations are satisfied at a point in time when the Group has a right to payment for the software, the customer has legal right to use the software under the terms of the software licence agreement, and the Group has physically transferred the software to the customer. These criteria are all met at the point in time that the Group transfers the software. Where software is sold under a SaaS arrangement, revenue is recognised evenly over the period of the arrangement as the Group fulfils its performance obligations.
• The Group does not undertake activities which significantly affect the intellectual property post delivery of the software which would prevent revenue being recognised at a point in time.
• The Group does not provide free Maintenance and Support type services as part of the licensing arrangements. Revenue from the sale of Maintenance and Support arrangements are always sold on a stand-alone basis or as a renewal of an existing arrangement usually running over a 12-month period, as explained below. Furthermore the technical support and software updates are distinct. This is because the customer can benefit from the licence with or without the Maintenance and Support contract.
• Technical support: the customer benefits from the technical support as that support is provided. The contracted support period is generally 12 months, so the customer obtains the benefit over the 12-month period. Accordingly, it is appropriate to recognise support revenue over a 12-month period.
Software updates: all software updates are unspecified within Maintenance and Support arrangements with updates being made as and when available. The customer will continue to receive updates during the Maintenance and Support period and accordingly will benefit from the updates as they are provided. Accordingly, it is appropriate to recognise revenue over a 12-month period. FINANCIAL STATEMENTSGRC International Group plc / Annual Report & Accounts 2023 67 Finance income and costs Interest income and expense is recognised using the effective interest method which calculates the amortised cost of a financial asset or liability and allocates the interest income or expense over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts or payments through the expected life of the financial asset or liability to the net carrying amount of the financial asset or liability. Goodwill Goodwill arising on business combinations is reviewed and tested on an annual basis or more frequently if there is indication that goodwill might be impaired. Goodwill is allocated to cash-generating units (’CGUs’), which are determined as the lowest level of detail available for the assets to generate cash inflows relating to goodwill. Goodwill represents the future economic benefits arising from business combinations which are not individually identified and separately recognised. Goodwill is initially measured as the excess of the aggregate of the consideration transferred and the fair value of non-controlling interest over the net identifiable assets acquired and liabilities assumed. If the consideration is lower than the fair value of the net assets of the subsidiary acquired, the difference is recognised in profit or loss. 
Goodwill is carried at cost less any accumulated impairment losses until disposal or termination of the previously acquired business when the profit or loss on disposal or termination will be calculated after charging the gross amount at current exchange rates of any such goodwill through the income statement.

Intangible assets

Acquired intangible assets
An intangible asset is recognised if it is probable that the expected future economic benefits that are attributable to the asset will flow to the Group and the cost of the asset can be measured reliably.

Internally developed intangible assets
Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements:

• the development costs can be measured reliably;
• the project is technically and commercially feasible;
• the Group intends to and has sufficient resources to complete the project;
• the Group has the ability to use or sell the software; and
• the software will probably generate future economic benefits.

Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include an apportionment of employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products.

Subsequent measurement
The useful lives of all intangible assets are assessed as finite. Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period.
Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method prospectively. The amortisation expense on intangible assets with finite lives is recognised in the income statement within administrative expenses. Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the income statement when the asset is derecognised.

Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows:

Trademarks               10 years
Software                 5 years
Website costs            5–10 years
Marketing tools          3 years
Courseware               10 years
Publishing products      4 years
Consultancy products     10 years
Customer relationships   12 years

Any capitalised internally developed intangible asset that is not yet complete is not amortised but is subject to annual impairment testing. Subsequent expenditures on the maintenance of computer software are expensed as incurred.

Customer relationships
Acquired customer relationships comprise principally existing customer relationships which may give rise to future orders (customer relationships). Acquired customer relationships are recognised at fair value at the acquisition date and are expected to have a finite useful life of 12 years in line with the expected cash flows. Acquired customer relationships are stated at cost less accumulated amortisation and impairment.

Property, plant and equipment
Property, plant and equipment are stated at historical cost less depreciation less any recognised impairment losses. Cost includes expenditure that is directly attributable to the acquisition or construction of these items.
Subsequent costs are included in the asset’s carrying amount only when it is probable that future economic benefits associated with the item will flow to the Group and the costs can be measured reliably. All other costs, including repairs and maintenance costs, are charged to the Income Statement in the period in which they are incurred.

Depreciation is provided on all property, plant and equipment and is calculated as follows:

Leasehold improvements   10 years straight-line basis or the lease term if shorter
Computer equipment       25–33% reducing balance basis
Office equipment         25% reducing balance basis

Depreciation is provided on cost less residual value. The residual value, depreciation methods and useful lives are annually reassessed. Each asset’s estimated useful life has been assessed with regard to its own physical life limitations and to possible future variations in those assessments. Estimates of remaining useful lives are made on a regular basis for all machinery and equipment, with annual reassessments for major items. Changes in estimates are accounted for prospectively.

Assets held under finance leases are depreciated over their expected useful lives on the same basis as owned assets. However, when there is no reasonable certainty that ownership will be obtained by the end of the lease term, assets are depreciated over the shorter of the lease term and their useful lives.

An impairment loss is recognised as an expense immediately. An impairment loss recognised for goodwill is not reversed in subsequent periods.
Where an impairment loss on non-financial assets subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately.

Inventory
Inventory is stated at the lower of cost and net realisable value, being the estimated selling price less costs to complete and sell. Cost is based on the cost of purchase on a weighted average basis. At the balance sheet date, inventories are assessed for impairment. If inventories are impaired, the carrying amount is reduced to its selling price less costs to complete and sell. The impairment loss is recognised immediately in profit or loss.

The gain or loss arising on disposal or scrapping of an asset is determined as the difference between the sales proceeds, net of selling costs, and the carrying amount of the asset and is recognised in the Income Statement.

Cash at bank
Cash at bank comprises cash on hand, deposits held at call with banks and other short-term highly liquid investments with original maturities of three months or less from inception.

Impairment of non-financial assets
For the purposes of impairment testing, goodwill is allocated to each of the Group’s CGUs that is expected to benefit from the synergies of the combination. Each unit to which goodwill is allocated represents the lowest level within the Group at which independent cash flows are monitored. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired.
At each balance sheet date, the Directors review the carrying amounts of the Group’s non-current assets, other than goodwill, to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Directors estimate the recoverable amount of the cash-generating unit to which the asset belongs.

Recoverable amount is the higher of fair value less costs of disposal and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimated future cash flows have not been adjusted.

If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. The impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit.

Financial instruments

Recognition and derecognition
Financial assets and financial liabilities are measured initially at fair value plus transaction costs. After their initial recognition, financial assets and financial liabilities are measured subsequently as described below. Financial assets and financial liabilities are recognised when the Group becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred.
A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. When a financial liability and a financial asset relating to the same contract exist these are offset.

Classification and initial measurement of financial assets
Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable).

Financial assets are classified as ‘Amortised cost’ financial assets. In the periods presented the Group does not have any financial assets categorised as either FVTPL or FVOCI.

The classification is determined by both:

• the entity’s business model for managing the financial asset; and
• the contractual cash flow characteristics of the financial asset.

All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses.

FINANCIAL ASSETS AT AMORTISED COST
Financial assets are measured at amortised cost if the assets meet the following conditions (and are not designated as FVTPL):

• they are held within a business model whose objective is to hold the financial assets and collect their contractual cash flows; and
• the contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding.

SUBSEQUENT MEASUREMENT OF FINANCIAL ASSETS
After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial.
The Group’s cash and cash equivalents, trade and most other receivables fall into this category of financial instruments.

IMPAIRMENT OF FINANCIAL ASSETS
IFRS 9’s impairment requirements use forward-looking information to recognise expected credit losses – the expected credit loss (‘ECL’) model. Instruments within the scope of these requirements include loans and other debt-type financial assets measured at amortised cost, trade receivables and loan commitments.

The Group considers a broader range of information when assessing credit risk and measuring expected credit losses, including past events, current conditions, and reasonable and supportable forecasts that affect the expected collectability of the future cash flows of the instrument.

In applying this forward-looking approach, a distinction is made between:

• financial instruments that have not deteriorated significantly in credit quality since initial recognition or that have low credit risk (‘Stage 1’); and
• financial instruments that have deteriorated significantly in credit quality since initial recognition and whose credit risk is not low (‘Stage 2’).

Stage 3 would cover financial assets that have objective evidence of impairment at the reporting date.

12-month expected credit losses are recognised for the first category while ‘lifetime expected credit losses’ are recognised for the second and third category.

Measurement of the expected credit losses is determined by a probability-weighted estimate of credit losses over the expected life of the financial instrument.

TRADE AND OTHER RECEIVABLES AND CONTRACT ASSETS
The Group makes use of a simplified approach in accounting for trade receivables as well as contract assets and records the loss allowance as the lifetime expected credit losses. These are the expected shortfalls in contractual cash flows, considering the potential for default at any point during the life of the financial instrument.
In calculating these, the Group uses its historical experience, external indicators and forward-looking information to calculate the expected credit losses using a provision matrix.

The Group assesses impairment of trade receivables on a collective basis and as they possess shared credit risk characteristics they have been grouped based on the days past due. Refer to note 13 for further details.

CLASSIFICATION AND MEASUREMENT OF FINANCIAL LIABILITIES
The Group’s financial liabilities include trade and other payables, borrowings and contingent consideration.

Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Group designates a financial liability at fair value through profit or loss.

Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss.

All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income.

Borrowings
Borrowings, including bank overdrafts, are classified as current liabilities unless the Group has an unconditional right to defer the settlement of the liability for at least 12 months after the balance sheet date.

Foreign currency
The presentational currency for the Group’s consolidated financial statements is Sterling. Foreign currency transactions by Group companies are recorded in their functional currencies at the exchange rate at the date of the transaction. Monetary assets and liabilities have been translated at rates in effect at the balance sheet date, with any resulting exchange adjustments being charged or credited to the Income Statement, within administrative expenses.
On consolidation the assets and liabilities of the subsidiaries with a functional currency other than Sterling are translated into the Group’s presentational currency at the exchange rate at the balance sheet date and the Income Statement items are translated at the average rate for the period. The exchange difference arising on the translation from functional currency to presentational currency of subsidiaries is classified as other comprehensive income and is accumulated within equity as a translation reserve. The balance of the foreign currency translation reserve relating to a subsidiary that is disposed of, or partially disposed of, is recognised in the Income Statement at the time of disposal.

Current taxation
Current taxation for each taxable entity in the Group is based on the local taxable income at the local statutory tax rate enacted or substantively enacted at the balance sheet date and includes adjustments to tax payable or recoverable in respect of previous periods.

Deferred taxation
Deferred taxation is calculated using the liability method, on temporary differences arising between the tax bases of assets and liabilities and their carrying amounts in the consolidated financial statements. However, if the deferred tax arises from the initial recognition of an asset or liability in a transaction other than a business combination that at the time of the transaction affects neither accounting nor taxable profit or loss, it is not accounted for. No deferred tax is recognised on initial recognition of goodwill or on investment in subsidiaries. Deferred tax is determined using tax rates and laws that have been enacted or substantively enacted by the balance sheet date and are expected to apply when the related deferred tax asset is realised or the deferred tax liability is settled.
Deferred tax liabilities are provided in full, to the extent they would crystallise after using any available losses, and are not discounted. Deferred tax assets are recognised to the extent that it is probable that future taxable profits will be available against which the temporary differences can be utilised. Changes in deferred tax assets or liabilities are recognised as a component of tax expense in the Income Statement, except where they relate to items that are charged or credited directly to equity, in which case the related deferred tax is also charged or credited directly to equity.

Deferred income tax assets and liabilities are offset when there is a legally enforceable right to offset current tax assets against current tax liabilities and when the deferred income tax assets and liabilities relate to income taxes levied by the same taxation authority on either the same taxable entity or different taxable entities where there is an intention to settle the balances on a net basis.

Employment benefits
Provision is made in the financial statements for all employee benefits. Liabilities for wages and salaries, including non-monetary benefits and annual leave obliged to be settled within 12 months of the balance sheet date, are recognised in accruals.

Contributions to defined contribution pension plans are charged to the Income Statement in the period to which the contributions relate.

Leases
For any new contracts entered into on or after 1 April 2019, the Group considers whether a contract is, or contains, a lease. A lease is defined as ‘a contract, or part of a contract, that conveys the right to use an asset (the underlying asset) for a period of time in exchange for consideration’. To apply this definition the Group assesses whether the contract meets three key evaluations which are whether:

• the contract contains an identified asset, which is either explicitly identified in the contract or implicitly specified by being identified at the time the asset is made available to the Group; or
• the Group has the right to obtain substantially all of the economic benefits from use of the identified asset throughout the period of use, considering its rights within the defined scope of the contract; or
• the Group has the right to direct the use of the identified asset throughout the period of use. The Group assesses whether it has the right to direct ‘how and for what purpose’ the asset is used throughout the period of use.

Measurement and recognition of leases as a lessee
At lease commencement date, the Group recognises a right-of-use asset and a lease liability on the balance sheet. The right-of-use asset is measured at cost, which is made up of the initial measurement of the lease liability, any initial direct costs incurred by the Group, an estimate of any costs to dismantle and remove the asset at the end of the lease, and any lease payments made in advance of the lease commencement date (net of any incentives received).

The Group depreciates the right-of-use assets on a straight-line basis from the lease commencement date to the earlier of the end of the useful life of the right-of-use asset or the end of the lease term. The Group also assesses the right-of-use asset for impairment when such indicators exist.

At the commencement date, the Group measures the lease liability at the present value of the lease payments unpaid at that date, discounted using the interest rate implicit in the lease if that rate is readily available or, if not, the Group’s incremental borrowing rate.

Assets and liabilities arising from a lease are initially measured on a present value basis. Lease liabilities include the net present value of the following lease payments:

• fixed payments (including in-substance fixed payments), less any lease incentives receivable;
• variable lease payments that are based on an index or a rate;
• amounts expected to be payable by the lessee under residual value guarantees;
• the exercise price of a purchase option if the lessee is reasonably certain to exercise that option; and
• payments of penalties for terminating the lease, if the lease term reflects the lessee exercising that option.

Right-of-use assets are measured at cost comprising the following:

• the amount of the initial measurement of lease liability;
• any lease payments made at or before the commencement date less any lease incentives received;
• any initial direct costs; and
• restoration costs.

Subsequent to initial measurement, the liability will be reduced for payments made and increased for interest. It is remeasured to reflect any reassessment or modification, or if there are changes in fixed payments.

When the lease liability is remeasured, the corresponding adjustment is reflected in the right-of-use asset, or profit and loss if the right-of-use asset is already reduced to zero.

The Group has elected to account for short-term leases and leases of low-value assets using the practical expedients available under IFRS 16. Instead of recognising a right-of-use asset and lease liability, the payments in relation to these are recognised as an expense in profit or loss on a straight-line basis over the lease term.

Equity
Equity comprises the following:

• ‘Share capital’ represents the nominal value of equity shares issued.
• ‘Share premium’ represents amounts subscribed for share capital, net of issue costs, in excess of nominal value.
• ‘Merger reserve’ represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued in circumstances where the merger relief provisions of the Companies Act 2006 apply.
• ‘Share-based payment reserve’ represents the accumulated value of share-based payments.
• ‘Retained earnings’ represents the accumulated profits and losses attributable to equity shareholders.
• ‘Translation reserve’ represents the exchange differences arising from the translation of the financial statements of subsidiaries into the Group’s presentational currency.

Share-based payments
Equity-settled share-based payments to employees and Directors are measured at the fair value of the equity instrument. The fair value of the equity-settled transactions with employees and Directors is recognised as an expense over the vesting period. The fair value of the equity instruments is determined at the date of grant, taking into account vesting conditions. The fair value of goods and services received is measured by reference to the fair value of options.

The fair values of share options are measured using the Black-Scholes model. The expected life used in the model is adjusted, based on management’s best estimate of the effects of non-transferability, exercise restrictions and behavioural considerations.

The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, over the period in which the performance and/or service conditions are fulfilled, ending on the date on which the relevant employees become fully entitled to the award (the ‘vesting date’). The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest.
The Income Statement charge or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period.

No expense is recognised for awards that do not ultimately vest, except for awards where vesting is conditional upon a market condition, which are treated as vesting irrespective of whether or not the market condition is satisfied, provided that all other performance and/or service conditions are satisfied.

Where the terms of an equity-settled award are modified, the minimum expense recognised is the expense as if the terms had not been modified. An additional expense is recognised for any modification which increases the total fair value of the share-based payment arrangement, or is otherwise beneficial to the employee as measured at the date of modification.

Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award, as described in the previous paragraph.

Where an equity-settled award is forfeited, the cumulative charge expensed up to the date of forfeiture is credited to the Income Statement.

Segment reporting
An operating segment is a component of an entity that engages in business activities from which it may earn revenues and incur expenses (including revenues and expenses related to transactions with other components of the same entity), whose operating results are regularly reviewed by the entity’s Chief Operating Decision Maker to make decisions about resources to be allocated to the segment and assess its performance, and for which discrete financial information is available.
The Chief Operating Decision Maker has been identified as the Board of Executive Directors, at which level strategic decisions are made. Details of the Group’s reportable operating segments are provided in note 1.

New and amended International Financial Reporting Standards adopted by the Group
The following accounting standards, interpretations, improvements and amendments have become applicable for the current period and although the Group has adopted them, they have had no material impact on the Group. These comprise:

• Amendments to IFRS 9, IAS 39 and IFRS 7: Interest Rate Benchmark Reform - phase 2.

Endorsed accounting standards effective in future periods
The Directors considered the impact on the Group of other new and revised accounting standards, interpretations or amendments that are currently endorsed but not yet effective. The Directors do not expect any other standards to have a significant impact on the Group’s results.

International Financial Reporting Standards in issue but not yet effective
At the date of authorisation of the consolidated financial statements, the IASB and IFRS Interpretations Committee have issued standards, interpretations and amendments which are applicable to the Group; however, the Group has decided not to adopt them early. The following amendments are effective for the period beginning 1 April 2023.

• Amendments to IAS 37 – Onerous Contracts – Cost of fulfilling a contract
• Amendments to IAS 16 – Property, Plant and Equipment; Proceeds before intended use
• Amendments to IFRS 1 – Subsidiary as a First-time adopter
• Amendments to IAS 41 – Taxation in fair value measurement
• Amendments to IFRS 3 – Updating a reference to the conceptual framework

New/revised International Financial Reporting Standards which are not considered likely to have an impact on the Group’s financial statements going forwards have been excluded from the above.
Management anticipates that all relevant pronouncements will be adopted in the Group’s accounting policies for the first period beginning after the effective date of the pronouncement.

Identification of performance obligations in customer contracts
The identification of performance obligations in customer contracts requires management to exercise judgement to determine both the nature of the performance obligations and when those obligations are delivered in order to recognise revenue appropriately in the correct amount and in the correct accounting period. Consultancy, Software and Training revenue streams are where this judgement has been made.

Going concern
The identification by management of the Group’s ability to continue as a going concern is a key judgement and has been explained further on page 64.

ESTIMATION UNCERTAINTY
Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different.

The estimates and assumptions that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are discussed below.

Estimates and assumptions

• Impairment of goodwill – estimate of future cash flows and determination of the discount rate (note 10): Estimation is required in determining whether goodwill is impaired or not. The Group tests annually whether goodwill has suffered any impairment. The recoverable amounts of the DQM CGUs have been determined based on value-in-use calculations. The principal assumptions used to determine value-in-use relate to future cash flows and the weighted average cost of capital. Changes in the estimate of the weighted average cost of capital or future cash flows and growth rates over the assessment period could reduce the level of headroom.
The key assumptions used for the value-in-use calculations and sensitivity analysis are set out in note 9.

SIGNIFICANT MANAGEMENT JUDGEMENTS IN APPLYING ACCOUNTING POLICIES AND KEY SOURCES OF ESTIMATION UNCERTAINTY
The preparation of the consolidated financial statements requires management to make judgements, estimates and assumptions that affect the application of policies and reported amounts of assets and liabilities, income and expenses. These estimates, judgements and assumptions are based on historical experience and other factors that are believed to be reasonable under the circumstances. Actual results may differ from these estimates. The areas which require the most use of management estimation and judgement are set out below.

The following are significant management judgements in applying the accounting policies of the Group that have the most significant effect on the financial statements.

Internally developed intangible assets
Determining whether the recognition requirements for the capitalisation of development costs are met requires judgement. Management considers the criteria set out in IAS 38 in advance of capitalising any project costs. After capitalisation, management monitors whether the recognition requirements continue to be met and whether there are any indicators that capitalised costs may be impaired. Should a different judgement be taken, the amounts capitalised may differ from those presented in note 10, affecting administrative expenses and the results for the year. Judgement is also required to identify if any impairment triggers have arisen in the year which would require estimation of the recoverable amount of an asset.

Recognition of deferred tax assets
The extent to which deferred tax assets can be recognised is based on an assessment of the probability that future taxable income will be available against which the deductible temporary differences and timing differences on capital allowances can be utilised.
In addition, significant judgement is required in assessing the impact of any legal or economic limits or uncertainties in various tax jurisdictions. Judgement is also applied in the recognition of deferred tax assets in respect of losses, based on management’s view of the availability of future profits to offset such losses. The approach adopted in 2022 and 2023 is that of not recognising any deferred tax asset.

NOTES TO THE FINANCIAL STATEMENTS

1. Segmental reporting

OPERATING SEGMENTS

For the purposes of segmental reporting, the Group’s Chief Operating Decision Maker (’CODM’) is considered to be the Board of Executive Directors of the Group. The Board receives information on a consolidated basis. Given the extent and nature of central services provided in support of the Group’s different revenue streams, the Board considers that the Group has only one operating segment.

REVENUE BY GEOGRAPHIC DESTINATION

Revenue across all operating segments is generated from the UK but includes overseas sales:

                      2023 £’000    2022 £’000
UK                        11,576        10,880
Non-UK                     3,084         3,022
                          14,660        13,902

2023 Non-UK revenue includes United States of America £1,581,000 (2022: £1,150,000), Ireland £484,000 (2022: £442,000), Italy £75,000 (2022: £141,000), Rest of Europe £582,000 (2022: £461,000), Australia £44,000 (2022: £121,000) and Rest of the World £318,000 (2022: £707,000). 2023 Non-UK non-current assets includes Ireland £19,000 (2022: £29,000) and Germany £15,000 (2022: £17,000).

INFORMATION ABOUT MAJOR CUSTOMERS

No customers contributed 10% or more to the Group’s revenue in any period presented.

2. Revenue

Revenue is all derived from continuing operations.
Notwithstanding that the Group’s revenues are often interdependent, the Group has disaggregated revenue into various categories in the following tables which is intended to depict how the nature, amount, timing and uncertainty of revenue and cash flows are affected by economic data:

                                    2023 £’000    2022 £’000
Consultancy                              9,350         8,882
Publishing and Distribution                794           838
Software                                 1,760         1,481
Training                                 2,756         2,701
Total revenue                           14,660        13,902

The Group’s revenue is analysed by timing of delivery of goods or services as:

                                    2023 £’000    2022 £’000
Point in time delivery                   4,780         4,566
Over time                                9,880         9,336
Total revenue                           14,660        13,902

The revenue is analysed as follows for each revenue category:

                                    2023 £’000    2022 £’000
Sale of goods                              794           824
Provision of services                   13,866        13,078
                                        14,660        13,902
Other operating Income                     121           240
Total                                   14,781        14,142

Included in Other Operating Income are grant receipts totalling £nil (2022: £5,000) claimed under the Government furlough scheme.

CONTRACT LIABILITIES: DEFERRED INCOME

Deferred income                                                   2023 £’000    2022 £’000
At 1 April                                                             1,847         1,114
Amounts included in deferred income that were recognised
  as revenue in the period from the opening balance                   (1,847)       (1,114)
Amounts invoiced in the period and not recognised as
  revenue until later periods                                          1,961         1,847
At 31 March                                                            1,961         1,847

The Group recognises deferred income as a contract liability. This balance equates to the value of the remaining performance obligations for revenue recognised over time, given the nature of the Group’s invoicing arrangements with customers. Contract assets and contract liabilities are included within ’trade and other receivables’ and ’trade and other payables’ respectively on the face of the Consolidated Balance Sheet.
They arise from the Group’s contracts that cover multiple reporting periods as payments received from customers at each balance sheet date do not necessarily equal the amount of revenue recognised on the contracts. No material contract asset balances arise in the ordinary course of business.

3. Operating loss

Operating loss is stated after charging/(crediting):

                                                                  2023 £’000    2022 £’000
Cost of sales
Wages and salaries                                                     4,368         4,030
Other direct costs including consultancy and training
  costs, books and manuals                                             1,415         1,668
                                                                       5,783         5,698
Other administration costs
Wages and salaries                                                     6,293         5,743
Sales and marketing costs                                                502           299
Depreciation of property, plant and equipment                            133           234
Loss on sale of fixed assets                                               –            50
Amortisation of intangible fixed assets                                1,520         1,367
Auditor’s remuneration:
– Fees payable for the audit of the annual accounts                      165           130
Foreign exchange losses/(gains)                                           28            (3)
Exceptional administrative costs                                          61             –
Other costs including office administration, legal and
  professional, IT and website costs                                   1,721         1,321
                                                                      10,423         9,141

No non-audit fees were payable to the auditor in respect of services rendered in the current or prior year.

4. Employees

The aggregate payroll costs of the employees were as follows:

Staff costs                         2023 £’000    2022 £’000
Wages and salaries                      10,170         8,660
Social security costs                    1,225           942
Pension costs                              188           207
                                        11,583         9,809

No Directors made any gains on exercise of share options (2022: £nil).

The average monthly number of persons employed by the Group during the year was as follows:

By activity                               2023          2022
Administration                              82            74
Sales and distribution                      94            90
                                           176           164

Remuneration of Directors is disclosed in the Remuneration Committee Report. Details of key management personnel and their remuneration are disclosed within note 24.

5. Net finance costs

                                    2023 £’000    2022 £’000
Interest on overdrafts                      22             –
Interest on loans                          129           165
Interest on lease liabilities               14            69
Other interest                              25            70
                                           190           304

6. Taxation

Analysis of credit in the year:

                                                                  2023 £’000    2022 £’000
Current tax – current period                                               –             –
Current tax – adjustment in respect of prior period                     (328)           (4)
Deferred tax – current period movement                                   (36)          (40)
Deferred tax – adjustment in respect of prior period                      (1)           38
Total tax credit                                                        (365)           (6)

                                                                  2023 £’000    2022 £’000
Loss before taxation                                                  (1,615)       (1,003)
Loss by rate of tax (2023: 19%; 2022: 19%)                              (307)         (191)
Expenses not deductible for tax purposes                                  10            47
Income not taxable for tax purposes                                       (7)            –
Deferred tax asset not recognized                                        304           144
Deferred tax – current period movement                                   (36)          (40)
Adjustments to deferred tax in respect of prior period                    (1)           38
Other adjustments to current tax in respect of prior period                –            (4)
Adjustment in respect of prior period: research and
  development tax credit                                                (328)            –
Total tax credit                                                        (365)           (6)

An increase to the UK Corporation tax rate to 25% with effect from 1 April 2023 was enacted by the Finance Act 2021 on 14 May 2021. As a result deferred tax balances as at 31 March 2023 are measured at 25%.

At the balance sheet date, the Group has the following unused tax losses:

                                          2023 £’000    2022 £’000
Trading losses (UK)                            6,485         6,249
Trading losses (Ireland)                       1,842         1,781
Trading losses (USA)                             922           483
Non-trading loan relationship debits             214           198

At the balance sheet date, a deferred tax asset has not been recognised for these amounts on the basis that at the present time the Group has not recorded a recent taxable profit. The Group records tax credits for research and development tax credits in the financial statements when the claims have been quantified. No amount has been quantified at the current time in relation to the year ended 31 March 2023.
As explained in note 15, as and when credits are claimed and credited to the tax accounts of the Group, the amounts are expected to reduce the Group’s outstanding balances payable to HMRC. Tax credits of £163,000 and £165,000 were claimed in relation to the year ended 31 March 2021 and 31 March 2022 respectively and were recorded in the year ended 31 March 2023.

DEFERRED TAX

The following are the major deferred tax liabilities and assets recognised by the Group and movements thereon during the current and prior reporting period. Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so.

Fixed asset timing differences £’000 Retirement benefit obligations £’000 Share-based payments £’000 Short-term timing differences £’000 Tax losses (Ireland) £’000 Tax losses (UK) £’000 Intangibles £’000 At 1 April 2021 (Credit)/charge to profit or loss Prior year adjustment Deferred tax (asset)/ liability at 31 March 2022 (Credit)/charge to profit or loss Prior year adjustment Deferred tax at 31 March 2023 Liability Deferred tax at 31 March 2022 Liability – – – – – – – – (2) (2) – (4) 5 (1) – (4) (1) – 1 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Total £’000 340 (40) 38 338 (36) (1) 343 (38) 37 342 (41) – 301 301 342 338

7. Earnings per share

Basic earnings per share is based on the loss after tax for the year and the weighted average number of shares in issue during each year.

                                                          2023 £’000    2022 £’000
Loss attributable to equity holders of the Group (£)          (1,250)         (997)
Weighted average number of shares in issue                   107,826       101,510
Basic loss per share (pence)                                   (1.16)        (0.98)

Diluted earnings per share is calculated by adjusting the average number of shares in issue during the year to assume conversion of all dilutive potential ordinary shares.
Taking the Group’s share options into consideration in respect of the Group’s weighted average number of ordinary shares for the purposes of diluted earnings per share, is as follows:

                                                                      2023           2022
Number of shares                                               107,826,246    101,510,456
Dilutive (potential dilutive) effect of share options                    –              –
Weighted average number of ordinary shares for the
  purposes of diluted earnings per share                       107,826,246    101,510,456
Diluted loss per share (pence)                                      (1.16)         (0.98)

Due to the losses incurred during the year, a diluted loss per share has not been calculated as this would serve to reduce the basic loss per share. There were 526,760 (2022: 426,760) share options outstanding at the end of the year that could potentially dilute basic earnings per share in the future.

8. Subsidiaries

Details of the Group’s subsidiaries are as follows:

Name of subsidiary and registered office address Principal activity IT Governance Limited* Vigilant Software Limited* Information technology governance services Information technology Software development Place of incorporation and operation England & Wales % ownership held by the Group 2023 £’000 100% 2022 £’000 100% England & Wales 100% 100% IT Governance Europe Limited 6th Floor, Information technology governance South Bank House, Barrow Street, Dublin 4 services Ireland 100% 100% IT Governance USA Inc 420 Lexington Avenue, Information technology governance Suite 300, New York, NY 10170, USA IT Governance Publishing Limited* services USA 100% 100% Information technology governance publication England & Wales 100% 100% GRCI Law Limited* Information technology governance legal services England & Wales 100% 100% GRC eLearning Limited* IT Governance Europe Limited* IT Governance Consulting Limited* IT Governance Franchising Limited* IT Governance Sales Limited* IT Governance Software Limited* IT Governance Training Limited* ITG Certification Limited* ITG Qualifications Limited* ITG Security Testing Limited* ITG Encryption Limited* Data Quality Management
Limited Information technology governance internet-based training Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Dormant company** Data Quality Management Group Limited Information technology governance Data2 Limited DQM Group Holdings Limited Services Dormant company** Holding company** England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%

* Registered Office: Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire CB7 4EA.
** Dormant subsidiaries which have taken advantage of the s394A exemption from preparing individual accounts.

Vigilant Software Limited, company number 05985888, IT Governance Publishing Limited, company number 06082604, GRCI Law Limited, company number 11311669, GRC eLearning Limited, company number 11247590 and DQM Group Holdings Limited, company number 10852386, which are included in the consolidated financial statements, are entitled to, and have opted to take, exemption from the requirement for their individual financial statements to be audited under section 479A of the Companies Act 2006 relating to subsidiary companies.

9. Goodwill

Cost and Net book value     2023 £’000    2022 £’000
At 1 April                       6,804         6,804
At 31 March                      6,804         6,804

Goodwill arising from business combinations has been allocated to the Group’s DQM cash-generating unit (’CGU’).
Goodwill is tested at least annually for impairment and whenever there are indications that goodwill might be impaired. For the DQM CGU, the carrying amount of goodwill has been assessed for impairment by comparing the carrying amount of the CGU in which it is included to the recoverable amount based on value in use of the CGU. The value in use calculation for the cash-generating unit uses: estimated future cash flows, for which the key assumptions are forecast revenue and EBITDA over the next five years, based on management’s estimates; the terminal growth rate for revenues and EBITDA beyond that period, which reflects a cautious approach for the purpose of measuring a value in use; and a pre-tax discount rate, which is based on management’s assessment of risk inherent in the estimated future cash flows. The pre-tax cash flows for the forecast period are derived from the DQM element of the Group’s 5-year business plan. The plan incorporates the Group’s approved FY24 granular budget model and 4 further years forecast in marginally less detail. The figures have been reviewed and approved by the Board and include input from divisional managers around the business. The figures have not been prepared specifically for the impairment review but are used for wider business planning, setting management objectives, and informing market guidance. The forecast includes revenue growth averaging approximately 15% per year across the 5-year period and EBITDA growth in line with the revenue growth, assuming that EBITDA remains a consistent percentage of revenue. It is noted that whilst the FY24 budget includes revenue up only 12% on the FY23 result the EBITDA is forecast to improve from 33% of revenue to 51% of revenue. 
The improvement comes from a range of operational efficiencies that management expect to be the result of investment taking place to grow higher margin revenue lines and internal projects designed to integrate DQM more fully with the rest of the Group, making better use of central resources. As of 31 March 2023, the value in use of the CGU was greater by £3,160k (31 March 2022: £7,015k) than its carrying amount. The key assumptions used were the revenue and EBITDA growth assumptions as explained above, the terminal growth rate of 2%, and the pre-tax discount rate of 12.53%. Management’s methodology includes a 4% small company premium derived from independent third-party data, as would be expected for a Company the size of DQM. Management also notes the inherent uncertainty of results expected to be delivered through the planned operational efficiencies and takes comfort from the fact that a specific risk premium of up to 3% could be added to the WACC to allow for this without triggering an impairment. A 3% specific risk premium added to the WACC would result in the value of the CGU being greater by £230k than its carrying amount. Management also notes the fact that current year WACC rates have increased because of high interest rates designed to tackle inflation, and that official Bank of England forecasts show inflation (and therefore interest rates) should reduce again within the forecast period. The growth in cash flows and the selection of the discount rate are judgements that management has made which may have a bearing on the identification of impairment losses. 
The changes in key assumptions that would individually give rise to a material impairment loss are as follows:

a) The discount rate would have to increase by 3.4%;
b) Either operating costs would have to rise, or future revenue increases would need to be less than forecast (assuming margins remained the same) such that EBITDA was more than 25% less than forecast, all other variables remaining constant; or
c) EBITDA margin would have to fall to less than 38% on the forecast revenue numbers.

10. Intangible assets

                                                          Consultancy       Software
                              Marketing    Publishing    products and    and website                     Customer
                                  tools      products      courseware          costs    Trademarks  relationships       Total
                                  £’000         £’000           £’000          £’000         £’000          £’000       £’000
Cost
At 1 April 2021                      63           400           1,036          6,177           466          1,843       9,985
Additions                             3            51             182            995             –              –       1,231
At 31 March 2022                     66           451           1,218          7,172           466          1,843      11,216
Additions                             –            83             374          1,049             –              –       1,506
Foreign exchange movement             –             –               3              –             –              –           3
At 31 March 2023                     66           534           1,595          8,221           466          1,843      12,725
Accumulated depreciation
At 1 April 2021                      63           266             414          3,057           100            320       4,220
Charge for year                       –            51             112          1,003            47            153       1,366
At 31 March 2022                     63           317             526          4,060           147            473       5,586
Charge for year                       1            55             119          1,148            46            154       1,523
At 31 March 2023                     64           372             645          5,208           193            627       7,109
Net book value
At 31 March 2023                      2           162             950          3,013           273          1,216       5,616
At 31 March 2022                      3           134             692          3,112           319          1,370       5,630
At 1 April 2021                       –           134             622          3,120           366          1,523       5,765

Amortisation is included within administrative expenses. Intangible assets includes capitalised related party costs incurred as further explained in note 25. All intangible assets have been developed internally with the exception of those arising on the business acquisition in 2019. For CGUs requiring impairment testing under IAS 36 Impairment of Assets, the method used to determine recoverable amount is value-in-use.

11.
Property, plant and equipment

                                                                                Right-of-use
                                     Leasehold      Computer        Office          assets –
                                  improvements     equipment     equipment        properties       Total
                                         £’000         £’000         £’000             £’000       £’000
Cost
At 1 April 2021                            160           747            96               565       1,568
Additions                                   12            33             2                 –          47
Additions – lease modifications              –             –             –               138         138
Disposals                                 (105)         (513)          (34)             (192)       (844)
At 31 March 2022                            67           267            64               511         909
Additions                                   17            32             1                 –          50
Disposals                                    1             –             –                 –           1
At 31 March 2023                            85           299            65               511         960
Accumulated depreciation
At 1 April 2021                             64           675            74               329       1,142
Charge for year                             15            61            15               143         234
Disposal                                   (55)         (512)          (36)             (192)       (795)
Foreign exchange movement                    –             –             –                 3           3
At 31 March 2022                            24           224            53               283         584
Charge for year                              9            22             6                95         132
Foreign exchange movement                    –             –             –                (4)         (4)
At 31 March 2023                            33           246            59               374         712
Net book value
At 31 March 2023                            52            53             6               137         248
At 31 March 2022                            43            43            11               228         325
At 31 March 2021                            96            72            22               236         426

Depreciation is included within administrative expenses.

12. Inventories

                                                                  2023 £’000    2022 £’000
Finished goods for resale                                                  –             –
Amounts of inventories recognised as an expense during
  the period as cost of sales                                              –            36
Amounts of inventories impaired during the period                          –            35

13. Trade and other receivables

                                                                  2023 £’000    2022 £’000
Trade receivables                                                      1,036         1,284
Less: provision for impairment of trade receivables                        –          (124)
Net trade receivables                                                  1,036         1,160
Other receivables                                                         38            32
Prepayments                                                              537           420
                                                                       1,611         1,612

None of the Company’s trade and other receivables are secured by collateral or credit enhancements. The Group applies the IFRS 9 simplified approach to measuring expected credit losses on a collective basis. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and ageing.
The Group’s policy for monitoring default risk over receivables is based on the ongoing evaluation of the collectability and ageing analysis of trade and other receivables. Considerable judgement is required in assessing the ultimate realisation of these receivables, including reviewing the potential likelihood of default, the past collection history of each customer and the current economic conditions. The Group uses a third party credit scoring system to assess the creditworthiness of potential new customers before accepting them. Credit limits are defined by customer based on this information. All customer accounts are subject to review on a regular basis by senior management and actions are taken to address debt ageing issues. To determine the level of expected credit loss provision required, historical loss rates are adjusted for current and forward-looking information on macroeconomic factors affecting the Group’s customers. The Group has identified gross domestic product growth rates, employment rates and inflation rates as the key macroeconomic factors in the countries in which the Group operates. The rates applied vary from 10% to 100% depending on the above factors and the age of the debt. The Directors consider that the carrying amount of trade and other receivables approximates to the fair value. Included in the Group’s trade receivable balance as at the year end were customer balances with a carrying amount of £197,000 (2022: £396,000) which are past due at the reporting date for which the Group has not recorded a provision, however the Directors still believe the amounts to be recoverable in full. 
The maturity profile of trade and other receivables is set out in the table below:

                                          2023 £’000    2022 £’000
In one year or less, or on demand              1,611         1,612

The analysis of trade and other receivables by foreign currency is set out in the table below:

                                          2023 £’000    2022 £’000
UK pound                                       1,406         1,476
US dollar                                         92            83
Euro                                             113            51
Australian dollar                                  –             2
                                               1,611         1,612

The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the loss for the year from foreign exchange rate movements on such financial instruments.

14. Cash and cash equivalents

                                          2023 £’000    2022 £’000
Cash at bank (GBP)                                58         2,014
Cash at bank (EUR)                                 3            19
Cash at bank (USD)                                77            64
Cash at bank (other currencies)                    1             2
                                                 139         2,099

All significant cash and cash equivalents were deposited with major clearing banks with at least ‘A’ rating.

15. Trade and other payables

Amounts falling due within one year:

                                          2023 £’000    2022 £’000
Trade payables                                 1,422         1,018
Other taxation and social security             1,137         2,273
Other payables                                   320           436
Invoice discounting                              104             –
Deferred income                                1,961         1,847
Accruals                                         347           361
                                               5,291         5,935

The Group has an Invoice Discounting facility with a third party that is not a Bank. The amount owed to them at 31 March 2023 was £104,000 (31 March 2022: Nil).

Amounts falling due after one year:

                                          2023 £’000    2022 £’000
Other taxation and social security                 8            73
                                                   8            73

Amounts falling due after one year relate to the non-current element of the other tax and social security arrangements agreed with HMRC on the basis of time to pay arrangements (see Note 18). The balance payable will reduce as cash payments are made and is also expected to reduce as R&D tax credits are claimed from HMRC as and when quantified in respect of year ended 31 March 2023.

16.
Borrowings

                                                  2023                                   2022
                                   Current  Non-current      Total       Current  Non-current      Total
                                     £’000        £’000      £’000         £’000        £’000      £’000
Secured
Other loans (i)                        309            –        309           205            –        205
Total secured borrowings               309            –        309           205            –        205
Unsecured
Bank loans                              41          142        183            40          193        233
Other loans                            317           73        390            91          136        227
Loans from related parties*            407            –        407           386            –        386
Total unsecured borrowings             765          215        980           517          329        846
Total borrowings                     1,074          215      1,289           722          329      1,051

* Further information relating to loans from related parties is set out in note 25.

(i) SECURED LIABILITIES AND ASSETS PLEDGED AS SECURITY

Of the loans, £77,000 (2022: £82,000) is secured against receipts from sales. The remaining secured loans are secured against assets of the business.

                                  As at    Cash proceeds   Repayments   Repayments     Interest          As at
                           1 April 2022  from borrowings   of capital  of interest     accruing  31 March 2023
                                  £’000            £’000        £’000        £’000        £’000          £’000
Secured loans                       205              608         (490)         (55)          55            323
Unsecured loans                     460              267         (168)         (53)          53            559
Loans from related parties          386                –            –            –           21            407
Total                             1,051              875         (658)        (108)         129          1,289

                                  As at    Cash proceeds   Repayments   Repayments     Interest          As at
                           1 April 2021  from borrowings   of capital  of interest     accruing  31 March 2022
                                  £’000            £’000        £’000        £’000        £’000          £’000
Secured loans                       266              546         (607)         (87)          87            205
Unsecured loans                     689                –         (229)         (60)          60            460
Loans from related parties          368                –            –            –           18            386
Total                             1,323              546         (836)        (147)         165          1,051

The Group has a number of loans in the period presented, and they are summarised as follows:

Bank Lloyds Bank – CBILS Loan Unsecured 72 months October 2026 2.45% Security pledged Term Expiry/maturity date Effective interest rate Other Wesleyan Portman Asset Finance Bute Capital You Lend Paypal Stripe Fleximize My Cashline Federal capital 60 months September 2024 14.32% 36 months 12 months 12 months 12 months August 2023 November 2023 10.16% 11.52% October 2023 26.63% April 2023 4.26% -10.49% Parent company
guarantee Director’s Guarantee Secured against assets of business Director’s Guarantee Secured against receipts from sales Secured against receipts from sales Director’s Guarantee 17 months May 2024 24 months December 2024 Director’s Guarantee 24 months Director’s Guarantee 12 months January 2025 January 2024 12.87% 29.4% 3% 46.74% Loans from related parties Unsecured loan facility provided by Andrew Brode Unsecured December 2023 5% above the Bank of England base rate Available to the Group until at least 31 December 2024 and will automatically renew for a further 12 months unless terminated by either party

In addition, the Group has access to an invoicing discounting facility.

17. Financial instruments – risk management

The Group is exposed through its operations to the following financial risks:

– Credit risk
– Interest rate risk
– Foreign exchange risk
– Other market price risk
– Liquidity risk

In common with all other businesses, the Group is also exposed to risks that arise directly from its use of financial instruments. This note describes the Group’s objectives, policies and processes for managing those risks and the methods used to measure them. Further quantitative information in respect of these risks is presented throughout these financial statements.

I. PRINCIPAL FINANCIAL INSTRUMENTS

The principal financial instruments used by the Group, from which financial instrument risk arises, are as follows:

– Trade receivables
– Cash and cash equivalents
– Trade and other payables
– Bank overdrafts
– Floating rate bank loans
– Fixed rate bank loans
– Other loans
– Invoice discounting

Lease liabilities are secured as the rights to the leased assets recognised in the financial statements revert to the lessor in the event of default.

II.
FINANCIAL INSTRUMENTS BY CATEGORY

                                                             Amortised cost
Financial assets                                        2023 £’000    2022 £’000
Cash and cash equivalents                                      139         2,099
Trade and other receivables excluding prepayments            1,074         1,192
Total financial assets                                       1,213         3,291

All of the above financial assets’ carrying values are approximate to their fair values, as at each reporting date disclosed.

                                                             Amortised cost
Financial liabilities                                   2023 £’000    2022 £’000
Trade and other payables                                     1,846         1,454
Borrowings                                                   1,289         1,051
Lease payables                                                 153           262
Total financial liabilities                                  3,288         2,767

All of the above financial liabilities’ carrying values are considered by management to be approximate to their fair values, as at each reporting date disclosed.

III. FINANCIAL INSTRUMENTS MEASURED AT FAIR VALUE

Classification of financial instruments

The fair value hierarchy groups financial assets and liabilities into three levels based on the significance of inputs used in measuring the fair value of the financial assets and liabilities. The fair value hierarchy has the following levels:

– Level 1: quoted prices (unadjusted) in active markets for identical assets or liabilities;
– Level 2: inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices); and
– Level 3: inputs for the asset or liability that are not based on observable market data (unobservable inputs).

The level within which the financial asset or liability is classified is determined based on the lowest level of significant input to the fair value measurement. The Group did not hold any level 1 or 2 financial instruments in any of the periods presented.

18.
Financial instrument risk exposure and management

GENERAL OBJECTIVES, POLICIES AND PROCESSES

The Board has overall responsibility for the determination of the Group’s risk management objectives and policies and, whilst retaining ultimate responsibility for them, it has delegated the authority for designing and operating processes that ensure the effective implementation of the objectives and policies to the Group’s finance function. The Board receives monthly reports from the Group Finance Director through which it reviews the effectiveness of the processes put in place and the appropriateness of the objectives and policies it sets. The Group’s internal auditors also review the risk management policies and processes and report their findings to the Audit Committee. The overall objective of the Board is to set policies that seek to reduce risk as far as possible without unduly affecting the Group’s competitiveness and flexibility. Further details regarding these policies are set out below:

CREDIT RISK

The Group’s credit risk is primarily attributable to its trade receivables, which are presented in note 13. In respect of trade and other receivables, the Group is not exposed to any significant credit risk exposure to any single counterparty; its counterparties have similar characteristics being small to medium sized UK businesses as well as a number of blue-chip organisations. Trade receivables consist of a large number of customers in various industries and geographical areas. Based on historical information about customer default rates management considers the credit quality of trade receivables that are not past due or impaired to be good. The credit risk on liquid funds is limited because the third parties are large international banks with a credit rating of at least A. The Group’s total credit risk amounts to the total of the sum of the receivables and cash and cash equivalents. At the 2023 year end, this amounts to £1,526k (2022: £3,259k; 2021: £1,419k).
INTEREST RATE RISK

The Group has secured and unsecured debt consisting of related party/bank and other loans. The interest on most of the loans is fixed, and therefore interest rate risk is considered to be limited. Interest rate risk arising from borrowing at variable rates is not hedged.

FOREIGN EXCHANGE RISK

Most of the Group’s transactions are carried out in GBP. Exposures to foreign currency exchange rates arise from the Group’s overseas sales and purchases, which are denominated in a number of currencies, primarily USD, EUR and AUD. Cash balances held in these currencies are relatively immaterial (see note 14) and transactional risk is considered manageable due to the values involved. The Group does not hold material non-GBP balances and currently does not consider it necessary to take any action to mitigate foreign exchange risk due to the immateriality of that risk.

LIQUIDITY RISK

Liquidity risk represents the risk that the Group will not be able to meet its financial obligations as they fall due. The Group’s approach to managing this risk is to ensure, as far as possible, that it will always have sufficient liquidity to meet its liabilities when due, under both normal and stressed conditions, without incurring unacceptable losses or risking damage to the Group’s reputation. Prudent liquidity risk management includes maintaining sufficient cash balances to ensure the Group can meet liabilities as they fall due, and ensuring adequate working capital using invoice financing arrangements. Further details are provided on page 60 in the Going Concern section.

The table below shows the undiscounted cash flows on the Group’s financial liabilities as at 31 March 2023 and 2022, on the basis of their earliest possible contractual maturity.
At 31 March 2023 (£’000) | Total | On demand | Within 2 months | Within 2-6 months | 6-12 months | 1-2 years | Greater than 2 years
Trade payables and other payables | 1,890 | 1,430 | 460 | – | – | – | –
Lease liabilities | 153 | – | – | 34 | 24 | 46 | 49
Related party loans | 407 | 407 | – | – | – | – | –
Bank and other loans | 882 | – | 318 | 144 | 231 | 89 | 100
Total | 3,332 | 1,837 | 778 | 178 | 255 | 135 | 149

At 31 March 2022 (£’000) | Total | On demand | Within 2 months | Within 2-6 months | 6-12 months | 1-2 years | Greater than 2 years
Trade payables and other payables | 1,379 | 790 | 228 | 361 | – | – | –
Lease liabilities | 262 | – | – | 62 | 55 | 94 | 51
Related party loans | 386 | 386 | – | – | – | – | –
Bank and other loans | 665 | – | 58 | 116 | 162 | 129 | 200
Total | 2,692 | 1,176 | 286 | 539 | 217 | 223 | 251

19. Capital management

The Group’s capital management objectives are:
– to ensure the Group’s ability to continue as a going concern; and
– to provide long-term returns to shareholders.

The Group defines and monitors capital on the basis of the carrying amount of equity plus its outstanding loans, less cash and cash equivalents as presented on the face of the balance sheet as follows:

Capital | 2023 £’000 | 2022 £’000
Equity | 7,430 | 8,701
Borrowings (note 16) | 1,289 | 1,051
Less: cash and cash equivalents (note 14) | (139) | (2,099)
Total | 8,580 | 7,653

The Board of Directors monitors the level of capital as compared to the Group’s commitments and adjusts the level of capital as is determined to be necessary by issuing new shares or adjusting the level of debt. The Group is not subject to any externally imposed capital requirements.

20. Leasing arrangements
The following table outlines the maturity analysis of the lease liabilities:

Contractual discounted cash flows | 2023 £’000 | 2022 £’000
Less than one year | 58 | 117
Two to five years | 95 | 145
Lease liabilities at 31 March | 153 | 262

£’000 | 1 April 2022 | Net cash flow | Increase of liability | Currency and non-cash movements | 31 March 2023
Lease liabilities | (262) | 124 | (20) | 5 | (153)

£’000 | 1 April 2021 | Net cash flow | Increase of liability | Currency and non-cash movements | 31 March 2022
Lease liabilities | (280) | 154 | (137) | 1 | (262)

The following amounts have been included in the Income Statement:

Income Statement | 2023 £’000 | 2022 £’000
Interest expense on lease liabilities (note 5) | (14) | (69)
Operating costs relating to short-term leases and low-value assets | – | –
Amounts recognised in the Income Statement | (14) | (69)

The Group has elected not to recognise right-of-use assets and lease liabilities for short-term leases (i.e. lease term less than 12 months) or low-value assets (i.e. under £5,000). The Group will continue to expense the lease payments associated with these leases on a straight-line basis over the lease term. At 1 April 2022, this was less than £1,000. The borrowing rate used on the lease liabilities is 10%. Variable lease payments that depend on an index or a rate are also less than £5,000.

RETIREMENT BENEFIT PLANS

Benefits from the contributory pension schemes to which the Group contributes are related to the cash value of the funds at retirement dates. The Group is under no obligation to provide any minimum level of benefits. The assets of the schemes are administered by trustees in funds independent of the Group. During the year £188,000 was recognised in the Income Statement in relation to pension contributions (2022: £207,000). As at 31 March 2023, £58,000 is payable to pension schemes (2022: £nil).

21. Share capital

AUTHORISED SHARE CAPITAL

The authorised share capital comprises 107,826,246 (2022: 107,826,246) ordinary shares of £0.001 each.

Share capital | £’000
1 April 2021: 99,931,509 ordinary shares of £0.001 | 100
Issued: 7,894,737 ordinary shares of £0.001 | 8
31 March 2022 and 1 April 2022: 107,826,246 ordinary shares of £0.001 | 108
31 March 2023: 107,826,246 ordinary shares of £0.001 | 108

On 17 January 2022, 7,894,737 ordinary shares with a nominal value of 0.1p were issued at 0.38p per share as the result of a subscription and placing.

22. Share premium

Share premium | £’000
1 April 2021: 62,462,940 ordinary shares of £0.001 | 13,227
Issued: 7,894,737 ordinary shares of £0.38 | 2,992
Cost of shares issued | (207)
31 March and 1 April 2022 | 16,012
31 March 2023 | 16,012

Consideration received in excess of the nominal value of the 7,894,737 shares issued on 17 January 2022 as a result of the subscription and placing was included in share premium, less registration fees and commission of £207,000.

23. Share-based payments

The Group operates a share option scheme to which the employees of the Group may be invited to participate by the Remuneration Committee. If the options remain unexercised after a period of ten years from the date of grant, the options expire. Options are forfeited if the employee leaves the Group before the options vest. The options were granted on 12 February 2018. Following approval by the independent Shareholders of the Company at the 2022 AGM, on the business day following the AGM results 100,000 options were granted to Mr Chris Hartshorne.
Details of the number of share options and the weighted average exercise price (‘WAEP’) outstanding during the year are as follows:

2023 | Number of options | WAEP £
Outstanding at the beginning of the year – vested and exercisable | 426,760 | 1.64
Options | 100,000 | 0.25
Outstanding at the year end | 526,760 | 1.38
Number vested and exercisable at 31 March 2023 | 526,760 | 1.38

2022 | Number of options | WAEP £
Outstanding at the beginning of the year – vested and exercisable | 426,760 | 1.64
Exercised | – | –
Outstanding at the year end | 426,760 | 1.64
Number vested and exercisable at 31 March 2022 | 426,760 | 1.64

The options already in existence at the beginning of the year had vested prior to 31 March 2022. The options granted during the year vest on 31 March 2024. There was no share option expense recorded in the year ended 31 March 2023 or 31 March 2022 on the grounds of materiality.

24. Related party transactions

Key management personnel are identified as the Directors, including non-statutory directors, and their remuneration is disclosed as follows:

Remuneration of key management | 2023 £’000 | 2022 £’000
Remuneration | 438 | 396
Social security costs | 61 | 50
Pension contributions to defined contributions scheme | 34 | 1
Total | 533 | 447

Other related party borrowings transactions are as follows:

Principal | Andrew Brode £’000
At 1 April 2021 | 350
Loans repaid | –
At 31 March 2022 | 350
Loans repaid | –
At 31 March 2023 | 350

Interest | Andrew Brode £’000
At 1 April 2021 | 18
Interest accrued | 18
Interest paid | –
At 31 March 2022 | 36
Interest accrued | 21
Interest paid | –
At 31 March 2023 | 57

Alan Calder and his wife are the trustees of the IT Governance Pension Fund.

Other related party transactions are as follows:

In prior years Xanthos Limited was considered a related party entity as Alan Calder is a co-owner of that company with his spouse (who runs the business).
The business was sold during the prior year on the 30th September 2021 and from that date ceased to be a related party. Xanthos sub-leased office space from the Group, which is included within other income. During the period to 30 September 2021 this totalled £11k. Transactions were carried out on an arm’s length basis. The Group also made purchases from Xanthos. During the period to 30 September 2021, the Group made purchases totalling £264k from Xanthos of which £240k was capitalised.

25. Ultimate controlling party

In the opinion of the Directors, there is no one individual who exercises control over the Group.

COMPANY BALANCE SHEET FOR THE PERIOD ENDED 31 MARCH 2023

Item | Notes | 2023 £’000 | 2022 £’000
Assets | | |
Non-current assets | | |
Intangible assets | 3 | 695 | 798
Property, plant and equipment | | 1 | 1
Investments in subsidiaries | 4 | 10,817 | 10,817
Deferred tax asset | 5 | 2 | 2
Total non-current assets | | 11,515 | 11,618
Current assets | | |
Cash at bank | | – | 1
Other receivables | 6 | 8,330 | 8,490
Total current assets | | 8,330 | 8,491
Current liabilities | | |
Trade and other payables | 7 | (783) | (834)
Borrowings | 8 | (407) | (386)
Total current liabilities | | (1,190) | (1,220)
Net current assets | | 7,140 | 7,271
Net assets | | 18,655 | 18,889
Equity | | |
Share capital | 9 | 108 | 108
Share premium | 10 | 17,338 | 17,338
Merger reserve | | 4,276 | 4,276
Share-based payment reserve | | 126 | 126
Retained deficit | | (3,193) | (2,959)
Shareholders’ funds | | 18,655 | 18,889

As permitted by Section 408 of the Companies Act 2006, a separate income statement for the Company has not been presented. The Company’s loss for the period ended 31 March 2023 was £234,000 (2022 loss: £386,000). Additionally, no cash flow statement is presented as permitted by FRS.101.8(L). The accompanying notes form part of the financial statements.
The financial statements were approved by the Board of Directors and authorised for issue on 4 September 2023 and were signed on its behalf by:

Chris Hartshorne
Director
Company registration number: 11036180

COMPANY STATEMENT OF CHANGES IN EQUITY FOR THE PERIOD ENDED 31 MARCH 2023

£ | Share capital | Share premium | Merger reserve | Share-based payment reserve | Retained deficit | Total
At 1 April 2022 | 108 | 17,338 | 4,276 | 126 | (2,959) | 18,889
Loss for the period and total comprehensive loss | – | – | – | – | (234) | (234)
Transactions with owners: | | | | | |
Shares issued | – | – | – | – | – | –
Cost of share issue | – | – | – | – | – | –
Total transactions with owners | – | – | – | – | – | –
At 31 March 2023 | 108 | 17,338 | 4,276 | 126 | (3,193) | 18,655

£ | Share capital | Share premium | Merger reserve | Share-based payment reserve | Retained deficit | Total
At 1 April 2021 | 100 | 14,553 | 4,276 | 126 | (2,573) | 16,482
Loss for the period and total comprehensive loss | – | – | – | – | (386) | (386)
Transactions with owners: | | | | | |
Shares issued | 8 | 2,992 | – | – | – | 3,000
Cost of share issue | – | (207) | – | – | – | (207)
Total transactions with owners | 8 | 2,785 | – | – | – | 2,793
At 31 March 2022 | 108 | 17,338 | 4,276 | 126 | (2,959) | 18,889

NOTES TO THE COMPANY FINANCIAL STATEMENTS

1. Principal accounting policies

The principal accounting policies are summarised below. They have all been applied consistently throughout the period.

GENERAL INFORMATION

GRC International Group plc (the ‘Company’) is a company incorporated in the United Kingdom under the Companies Act 2006. The address of the Registered Office is given on page 74 of this Annual Report and Accounts. The Company is a holding company that manages the other trading subsidiaries of the GRC International Group.
BASIS OF PREPARATION

The financial statements have been prepared in accordance with Financial Reporting Standard 100 Application of Financial Reporting Requirements (‘FRS 100’) and Financial Reporting Standard 101 Reduced Disclosure Framework (‘FRS 101’) and the Companies Act 2006 (the ‘Act’). The Company is a qualifying entity for the purposes of FRS 101. The financial statements have been prepared on a historical cost basis.

As permitted by FRS 101, no share-based payment disclosures have been included in these financial statements. Details of the share option scheme can be found in note 23 of the Group financial statements.

The Company has taken advantage of the following disclosure exemptions under FRS 101:
• the requirement in paragraph 38 of IAS 1 ‘Presentation of Financial Statements’ to present comparative information in respect of:
  • paragraph 79(a)(iv) of IAS 1;
  • paragraph 73(e) of IAS 16 ‘Property, Plant and Equipment’;
  • paragraph 118(e) of IAS 38 ‘Intangible Assets’;
• IFRS 2, ‘Share-based Payment’;
• IFRS 7, ‘Financial Instruments: Disclosures’;
• the requirements of paragraphs 10(d), 10(f), 16, 38A, 38B, 38C, 38D, 40A, 40B, 40C, 40D, 111 and 134-136 of IAS 1 ‘Presentation of Financial Statements’;
• the requirements of IAS 7 ‘Statement of Cash Flows’;
• the requirements of paragraphs 30 and 31 of IAS 8 ‘Accounting Policies, Changes in Accounting Estimates and Errors’;
• the requirements of paragraph 17 and 18A of IAS 24 ‘Related Party Disclosures’;
• the requirements in IAS 24 ‘Related Party Disclosures’ to disclose related party transactions entered into between two or more members of a group, provided that any subsidiary which is a party to the transaction is wholly owned by such a member; and
• the requirements of the second sentence of paragraph 110 and paragraphs 113(a), 114, 115, 118, 119(a) to (c), 120 to 127 and 129 of IFRS 15 ‘Revenue from Contracts with Customers’.
GOING CONCERN

The financial statements do not include the adjustments that would be required should the going concern basis of preparation no longer be appropriate.

INVESTMENTS

Investments in subsidiaries and associates are measured at cost less impairment. For investments in subsidiaries acquired as part of a Group reorganisation for consideration, including the issue of shares qualifying for merger relief, cost is measured by reference to the nominal value of the shares issued plus fair value of other consideration. Any premium is ignored. For other acquisitions, investments in subsidiaries and associates are measured at fair value at the transaction date.

1. Principal accounting policies continued

INTANGIBLE ASSETS

Internally developed intangible assets

Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements:
• the development costs can be measured reliably;
• the project is technically and commercially feasible;
• the Group intends to and has sufficient resources to complete the project;
• the Group has the ability to use or sell the software; and
• the software will probably generate future economic benefits.

Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include an apportionment of employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products.

Subsequent measurement

The useful lives of all intangible assets are assessed as finite.
Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period. Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method prospectively. The amortisation expense on intangible assets with finite lives is recognised in the income statement as administrative expenses.

Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the income statement when the asset is derecognised.

Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows:

Asset | Useful life
Software | 5 years
Website costs | 5–10 years
Courseware | 10 years
Consultancy products | 10 years

FINANCIAL INSTRUMENTS

Recognition and derecognition

Financial assets and financial liabilities are recognised when the Company becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires.

Classification and initial measurement of financial assets

Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable).
Financial assets are classified into the following categories:
• amortised cost; or
• fair value through profit or loss (‘FVTPL’); or
• fair value through other comprehensive income (‘FVOCI’).

1. Principal accounting policies continued

In the period presented the Company does not have any financial assets categorised as FVOCI or FVTPL.

The classification is determined by both:
• the entity’s business model for managing the financial asset; and
• the contractual cash flow characteristics of the financial asset.

All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses.

SUBSEQUENT MEASUREMENT OF FINANCIAL ASSETS

Financial assets at amortised cost

Financial assets are measured at amortised cost if the assets meet the following conditions:
• they are held within a business model whose objective is to hold the financial assets and collect its contractual cash flows; and
• the contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding.

After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial. The Company’s cash and cash equivalents and most other receivables fall into this category of financial instruments.

CLASSIFICATION AND MEASUREMENT OF FINANCIAL LIABILITIES

The Company’s financial liabilities include trade and other payables and contingent consideration. Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Company designated a financial liability at fair value through profit or loss.
Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for derivatives and financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss. All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income.

IMPAIRMENT OF ASSETS

At each balance sheet date, the Directors review the carrying amounts of the Company’s non-current assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Company estimates the recoverable amount of the cash-generating unit to which the asset belongs.

Recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimates of future cash flows have not been adjusted.

If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. If the recoverable amount of a cash-generating unit is less than its carrying amount, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. An impairment loss is recognised as an expense immediately.
Where an impairment loss subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately.

TAXATION

Current tax, including UK corporation tax and foreign tax, is provided at amounts expected to be paid (or recovered) using the tax rates and laws that have been enacted or substantively enacted by the balance sheet date.

Deferred tax is recognised in respect of all timing differences that have originated but not reversed at the balance sheet date where transactions or events that result in an obligation to pay more tax in the future or a right to pay less tax in the future have occurred at the balance sheet date.

1. Principal accounting policies continued

Timing differences are differences between the Company’s taxable profits and its results as stated in the financial statements that arise from the inclusion of gains and losses in tax assessments in periods different from those in which they are recognised in the financial statements.

Unrelieved tax losses and other deferred tax assets are recognised only to the extent that, on the basis of all available evidence, it can be regarded as more likely than not that there will be suitable taxable profits from which the future reversal of the underlying timing differences can be deducted.

FOREIGN CURRENCY

The functional currency of GRC International Group plc is considered to be UK Sterling because that is the currency of the primary economic environment in which the Company operates.
Transactions in foreign currencies are recorded at the rate of exchange at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies at the balance sheet date are reported at the rates of exchange prevailing at that date. Exchange differences are recognised in profit or loss in the period in which they arise.

SHARE-BASED PAYMENTS

The Company grants to its employees rights to the equity instruments of GRC International Group plc. The fair value of awards granted is recognised as an employee expense with a corresponding increase in equity. The fair value is measured at grant date and spread over the period during which the employees become unconditionally entitled to receive the awards. The fair value of the awards granted is measured using a pricing model, taking into account the terms and conditions upon which the awards were granted. The amount recognised as an expense is adjusted to reflect the actual value of share awards that vest except where forfeiture is only due to share prices not achieving the threshold for vesting.

Where the Company grants awards over its own shares to the employees of its subsidiaries, it recognises an increase in the cost of investment in its subsidiaries equivalent to the equity-settled share-based payment charge recognised in its subsidiaries’ financial statements with the corresponding credit being recognised directly in equity.

EQUITY

Equity comprises the following:
• ‘Share capital’ represents the nominal value of equity shares issued;
• ‘Share premium’ represents amounts subscribed for share capital, net of issue costs, in excess of nominal value;
• ‘Merger reserve’ represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued;
• ‘Share-based payment reserve’ represents the accumulated value of share-based payments; and
• ‘Retained earnings’ represents the accumulated profits and losses attributable to equity shareholders.
DIVIDENDS

Dividends are recognised in the period in which they are approved by the Company’s shareholders, or in the case of an interim dividend, when the dividend is paid. Dividends receivable from subsidiaries are recognised when either received in cash or applied to reduce a creditor balance with a subsidiary.

ESTIMATION UNCERTAINTY

Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different.

The Company makes certain estimates and assumptions regarding the future. Estimates and judgements are continually evaluated based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. In the future, actual experience may differ from these estimates and assumptions. The estimates and assumptions that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are discussed below.

Estimates and assumptions

• Level of expected credit loss provision to hold or not hold (note 6). Estimation is required in determining the extent of credit losses that may be incurred in the future. The estimate is reviewed for circumstances present at each reporting date and the level of provision adjusted accordingly.
• Impairment of investments (note 4). Estimation is required in determining whether investments are impaired or not. The Company tests whether investments have suffered any impairment when indicators of impairment are identified. The recoverable amount of the Company’s investments has been determined based on value in use calculations which incorporate elements of judgement and estimation in relation to projected future cash flows and the discount rate applied.

2.
Employees

Staff costs | 2023 £’000 | 2022 £’000
Wages and salaries | 2,960 | 2,493
Social security costs | 339 | 333
Pension costs | 86 | 50
Total | 3,385 | 2,876

The average monthly number of persons employed by the Company during the year was as follows:

By activity | 2023 | 2022
Administration | 38 | 42
Sales and distribution | 21 | 12
Total | 59 | 54

Remuneration of Directors is disclosed in the Remuneration Committee Report.

3. Intangible assets

£’000 | Consultancy products and courseware | Software and website costs | Total
Cost | | |
At 1 April 2021 | 180 | 553 | 733
Additions | 99 | 187 | 286
At 31 March 2022 | 279 | 740 | 1,019
Additions | – | 17 | 17
At 31 March 2023 | 279 | 757 | 1,036
Accumulated depreciation | | |
At 1 April 2021 | 15 | 111 | 126
Charge for year | 18 | 77 | 95
At 31 March 2022 | 33 | 188 | 221
Charge for year | 28 | 92 | 120
At 31 March 2023 | 61 | 280 | 341
Net book value | | |
At 31 March 2023 | 218 | 477 | 695
At 31 March 2022 | 246 | 552 | 798

4. Investments in subsidiaries

COST AND NET BOOK AMOUNT | Investments in subsidiaries £’000
At 31 March 2022 and 31 March 2023 | 10,817

The carrying value of investments in subsidiaries relates to the Company’s directly held investments in IT Governance Limited and DQM Data Quality Group Holdings Limited. Further information about subsidiaries is provided in note 8 of the consolidated financial statements.

5. Deferred tax

Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so. The deferred tax asset is recognised to the extent that it is probable that future taxable profits will be available against which the asset can be utilised by way of parent company management services charges.

Deferred tax | Share-based payments £’000
Deferred tax asset at 1 April 2021 and 1 April 2022 | 2
Deferred tax asset at 31 March 2022 and 31 March 2023 | 2

6. Other receivables

Other receivables | 2023 £’000 | 2022 £’000
Amount owed by subsidiary undertakings | 9,624 | 9,956
Provision for expected credit loss | (1,492) | (1,541)
Subtotal | 8,132 | 8,415
Prepayments | 198 | 75
Total | 8,330 | 8,490

The movement from changes in amounts owed to the Company from its subsidiary undertakings and has been debited to the Income Statement. The provision is calculated based on a percentage of the balances outstanding at the period end according to the Directors’ estimate of the level of credit loss that may arise.

7. Trade and other payables

Trade and other payables | 2023 £’000 | 2022 £’000
Trade payables | 328 | 161
Other tax and social security | 201 | 381
Accruals | 211 | 182
Other payables | 43 | 110
Total | 783 | 834

8. Borrowings

£’000 | 2023 Current | 2023 Non-current | 2023 Total | 2022 Current | 2022 Non-current | 2022 Total
Unsecured: Loans from related parties | 407 | – | 407 | 386 | – | 386
Total unsecured borrowings | 407 | – | 407 | 386 | – | 386
Total borrowings | 407 | – | 407 | 386 | – | 386

Further information relating to loans from related parties is set out in note 24 in the Group’s financial statements.

Unsecured loan facility provided by Andrew Brode:
Amount advanced £’000: 700
Security pledged: Unsecured
Term: Available to the Group until at least 31 December 2023 and will automatically renew for a further 12 months unless terminated by either party
Effective interest rate: 5.0% above the Bank of England base rate

9. Share capital

Ordinary shares of £0.001 each | Number | £’000
2023 | 107,826,246 | 108
2022 | 107,826,246 | 108

Authorised share capital

The authorised share capital comprises 107,826,246 (2022: 107,826,246) ordinary shares of £0.001 each.

Share capital | £’000
1 April 2022: 107,826,246 ordinary shares of £0.001 | 108
31 March 2023: 107,826,246 ordinary shares of £0.001 | 108

10. Share premium

Share premium | £’000
1 April 2021 | 14,553
7,894,737 ordinary shares of £0.38 | 2,992
Cost of shares issued | (207)
31 March and 1 April 2022 | 17,338
31 March 2023 | 17,338

Consideration received in excess of the nominal value of the 7,894,737 shares issued on 17 January 2022 as a result of the subscription and placing was included in share premium, less registration and commission of £207,000.