IGO management system IGO maintains a documented management system based on AS/NZS ISO standards. Our system is informed by a hierarchy of processes, as depicted in the graphic on page 37. This hierarchy starts with our purpose and our values. These in turn give rise to our strategy, Code of Conduct and operating policies. These high-level documents inform our Common Management Systems Standards (i.e., the prescription for the fundamental high-level business processes within IGO). In turn, these standards give rise to functional standards (e.g., safety, financial, IT). Finally, it is these functional standards that inform the specific guidance on how work is to be planned and executed through procedures and safe work instructions. At its heart, IGO’s management system is structured to drive continual improvement prioritised on the basis of risk. Conformance with our management system IGO has two well-established assurance processes to ensure the ongoing integrity of our systems: IGO’s corporate assurance program and IGO’s whistleblower process. IGO’s corporate assurance program is comprised of both internal and external audit, and operational reviews and inspections. External audit is primarily targeted at financial management and is completed in accordance with the law and recognised financial standards. IGO’s internal audit process is based on the progressive review of those elements of the IGO management operating system that control high-risk business processes, inclusive of, but not limited to, internal financial control and ESG management. Our corporate assurance program for financial matters is overseen by the Audit Committee. All non-financial matters are overseen by the Sustainability & Risk Committee. In FY20, IGO’s financial audit was completed by BDO Audit (WA) Pty Ltd, as detailed in the 2020 Annual Report. In FY20, the IGO internal audit program was coordinated by Enumerate. Given the diverse range of matters to be addressed by our non-financial audit, from internet security to geotechnical controls within an underground mine, IGO engages specific subject matter experts as required to complete these internal audits. In FY20, while IGO’s corporate assurance program identified numerous opportunities for improvement, none were deemed to be material to the governance and sustainable operation of our business. However, from the improvement opportunities identified, corrective actions have been prioritised and work is ongoing. The Sustainability & Risk Committee has oversight of IGO’s fraud control plan. The efficacy of this plan is tested as part of the corporate assurance program. In FY20, no acts of fraud of any type were identified. However, like most businesses, IGO is vigilant to potential cyber-security threats. As such we strengthened our IT systems to help mitigate cyberattacks seeking to leverage COVID-19 impacts and bypass normal defences and procedures. IGO is committed to maintaining an open and honest working environment in which our people can report instances of unacceptable conduct, without fear of intimidation or reprisal. The Group’s Whistleblower Standard enables our people, suppliers, contractors, tenderers and/or any other person who has business with IGO to report confidentially any significant concerns about the business or behaviour of individuals. This could include suspicion around business integrity and corporate governance, financial reporting, safety and environmental concerns or human rights. In FY20, no cases were raised through the IGO whistleblower process. Statutory compliance In FY20, IGO was not subject to legal action or prosecution. IGO’s corporate assurance program tests the business' compliance with the law. In FY20, IGO received a notification of breach and potential enforcement action from the Western Australia Department of Mines, Industry Regulation and Safety (DMIRS), following a workplace inspection of exploration tenements in our Fraser Range Project area. The breach outlined IGO’s non-compliance with regards to three tenement conditions, including the standard six-month rehabilitation timeframe, the removal of rubbish and waste, and the condition to ensure holes and excavations are made safe or filled. IGO’s investigation into the circumstances lending to these outcomes identified deficiencies in our internal systems. Our response and ongoing work programs are disclosed on page 53 of this report. IGO’s Nova Operation received five notices from the Western Australia Department of Mines, Industry Regulation and Safety following workplace visits by its inspectors. They relate to inadequacies in maintenance work platforms, a deficiency in record keeping related to DMIRS inspections, the identification of a non-compliant man-cage used with a mobile crane, and a notice related to the equipment involved in the previously noted fatality. RISK MANAGEMENT We safeguard our people, assets, legal position, reputation and the environment by understanding and managing risk, as well as ensuring we identify opportunities to best serve the long-term interest of all our stakeholders. Risk management at IGO is overseen by the Board through the Sustainability & Risk Committee. The committee operates in accordance with an approved Charter and assists the Board with overseeing and monitoring the Company’s Risk Management System. It should be noted that specific elements of financial risk management are separately monitored and reviewed by our Audit Committee. A description of our risk management system (inclusive of IGO’s Risk Appetite Statement) is provided in IGO’s Common Management System Standard 3 – Risk Management. The system is intended to address risks that may: • affect the health, safety or welfare of our employees, contractors, and visitors to our operations; • impact on the community and the environment in which the Company operates; • impede the Company from realising its purpose and delivering its strategic plan; • impact on the Company’s performance; • impact on insurance arrangements; • threaten compliance with the Company’s statutory obligations and commitments; • impact on the Company’s reputation, or that of its people; and • result in personal liability for Company Officers arising from the Company’s operations. IGO’s Risk Management process is comprised of a three-level hierarchical process. In FY20, IGO commissioned Deloitte Australia to complete a ‘top down’ review of our risk management system. This review will inform our continued improvement work program into FY21 and beyond. External factors and sustainability related risks affecting IGO are discussed in the 2020 Annual Report. Personal Risk Management Risks that are focused solely on the safety of individuals in the workplace Operational and Project Risk Management Risks that have the potential to materially impact individual sites or projects Business Critical Risk Management Risks that have the potential to materially impact our business IGO’s Risk Management process is comprised of a three-level hierarchical process 36 — IGO SUSTAINABILITY REPORT 2020 IGO SUSTAINABILITY REPORT 2020— 37 BUSINESS INTEGRITY