Annual report and accounts

for the year ended 31 May 2023

Protecting clients and

helping to build a more

secure digital future

NCC Group plc Annual report and accounts for the year ended 31 May 2023

In this report

NCC Group is a people-powered, tech-enabled global

Cyber Security and software escrow business. We

harness our collective insight, intelligence and innovation

to power end-to-end cyber services that protect our

clients from cyber threat.

Strategic report

1 Highlights

2 At a glance

4 Our investment case

5 Our strategic roadmap

6 Chair’s statement

9 CEO’s review

14 Our business model

16 Meet the CTO

18 Market dynamics

24 Our strategy

29 Meet the COO

32 Our solutions

35 Meet the Global Managing Director



40 Stakeholder engagement

42 Culture

46 Non-financial and sustainability

information statement

53 TCFD

60 Meet the CFO

61 Financial review

70 Principal risks and uncertainties

81 Viability statement

Governance

84 Chair’s introduction to governance

87 Governance framework

88 Board of Directors

90 Executive Committee

92 Board composition and division

of responsibilities

102 Shareholder engagement

103 Audit Committee report

110 Nomination Committee report

113 Cyber Security Committee report

115 Remuneration Committee report

138 Directors’ report

142 Directors’ responsibilities statement

Financial statements

144 Independent auditor’s report

152 Consolidated income statement

152 Consolidated statement

of comprehensive (loss)/income

153 Consolidated balance sheet

154 Consolidated cash flow statement

156 Consolidated statement of changes

in equity

157 Company balance sheet

158 Company cash flow statement

159 Company statement of changes

in equity

160 Notes to the Financial Statements

Additional information

215 Glossary of terms – other terms

217 Other information

218 Financial calendar

Intelligence

Read more on page 26

In February 2023 we announced our new strategy, signalling the next chapter of NCC

Group’s story and focused on:

This section provides more information on these four

elements, what we’ve achieved so far, how we will

measure progress, and our FY24 priorities in service

of our vision to become a truly global Cyber Security

and Software Resilience services provider capable of

delivering an end-to-end cyber solution that harnesses

our strengths in insights, intelligence and innovation,

accompanied by a fantastic client experience.

Read more on our risks on pages 70 to 80

Read more on our business model on pages 14 and 15

To be more client centric and

operate as a global firm, we are

restructuring how we operate.

This will help us achieve our

ambition, providing clients with

not only the best, but also the

breadth of NCC Group’s

ever-advancing Cyber Security

and Software Resilience solutions.

We are engaging colleagues, helping them to get excited about

NCC Group’s future, building on the past, and identifying the role

they play in delivering for our clients. Every single person at NCC

Group takes responsibility for client delivery.

To co-ordinate, execute and track progress, we have created

a modest transformation office – bringing together, for the first

time, central co-ordination of strategy delivery for the Group.

This will help us continue to deliver value – creating a bright

new future for colleagues, clients and shareholders alike.

Over the next couple of pages, we outline each of our strategic

pillars, what we’ve achieved since the launch in February 2023

and what is coming up in the near to mid-term future.

Diji Akinwale

Director of Strategy and Transformation

NCC Group plc 24

Deeper client engagement on the most pressing

Cyber Security and Software Resilience needs

What we said we would do:

In February 2023 we announced our plan to concentrate on

the rapidly growing, highly regulated sectors most vulnerable to

cyber risk. These sectors include financial services, technology,

media, telecommunications, government and public sector,

infrastructure, and industrials.

To implement this we are restructuring the organisation. This

means moving away from the previous regional P&L model to

establishing a global, revenue-focused team, aligned by regions

and the sectors identified above.

The aim of this restructure is to enhance our client relationships

through targeted expertise, while consistently assessing our

impact across different regions. This strategy will expand our

range of services within existing client relationships and better

capture the global scale of the insight, innovation and

intelligence we have historically delivered to clients.

What we have done:

Since initiating our strategy in February 2023, we’ve streamlined

our market approach by implementing a sales structure that

aligns our major regions by verticals. We have successfully

established this vertical alignment in the UK, and the same

structure is currently being scaled in North America.

For our smaller regions, we’ve strategically aligned them with

a country-centric focus, incorporating elements of the vertical

structure where suitable. This restructuring forms a crucial part

of our commitment to meet our clients’ needs more effectively

across various geographies and sectors.

We have also invested in Cheltenham and New York offices to

ensure our property portfolio echoes our commitment to client

service and reflects both the needs of our business and our colleagues

We have also further established our strategic partnerships.

We have accelerated our strategic relationship with Microsoft



‘Global Validation’ status from Microsoft, enabling greater

access to discount and Microsoft sellers and been awarded

a ‘managed account’ status by Microsoft, recognising our

investment and growth.

Beyond Microsoft, we have now signed a global partnership with

Splunk that enables better pricing for our clients and access to

wider Splunk sales teams.



Link to risks:

Strategy

Cyber and information security

People and partners

Market and competition

Brand and reputation

Quality and delivery



Offering broader service portfolio addressing

the full cyber security lifecycle

What we said we would do:

We proposed that in the coming years, we would look to build

out a broader service portfolio addressing the full cyber security

lifecycle, including:

•

Continuing to invest in our core Technical Assurance capabilities

•

Maintaining high quality of Incident Response services to help

clients at their critical moments

•

Further development of our Managed Services offering,



•

Building an additional Consulting & Implementation services

proposition to help C-suite confidently meet increasing

cyber security requirements

What we have done:

Since February 2023, when we announced our next chapter

strategy, we’ve actively sought to enhance global alignment

across our cyber security capabilities by establishing three

global capability groups, spearheaded by our new Chief Operating

Officer, Kevin Brown; see page 29. This structural shift aims to

better manage our global cyber security capabilities and our

global delivery and operations centre in Manila (see global delivery

pillar). This setup plays a vital role in driving global growth by

creating the capacity and ability to cater to our clients’ needs.

Our Managed Services sector was the first to align globally, and

has seen revenue growth of c.16% in FY23. This underpins the

positive impact of a more globally centred focus, particularly



the second half of the financial year.

Our ongoing reputation for cyber can be seen in our recent

announcement to be one of the first six providers for the

UK NCSC’s new Level 2 Cyber Incident Response scheme.

This recognises our ability to help private and public sector

organisations (big or small) as well as charities recover from

cyber-attacks and should give buyers confidence about the

breadth of our capabilities.

Read more about this story on our newsroom: www.newsroom.nccgroup.

com/news/ncc-group-announced-as-an-assured-service-provider-in-

latest-ncsc-cyber-incident-response-cir-scheme-470825



Link to risks:

Strategy

Cyber and information security

Innovation and product development

People and partners

Market and competition

Brand and reputation

Quality and delivery



NCC Group plc 25

Strategic report

Our strategy continued

Transitioning from an international to a fully

global business

What we said we would do:

We promised we would globalise our delivery capabilities.

This would allow us to move from an international to a truly

global business and would involve building a global delivery

organisation with new leadership tasked with developing the

best skills through flexible resourcing, including a new global

delivery and operations centre, with implementation in FY24.

What we have done:

We have concluded our search process for a new global delivery

and operations centre and selected Manila as the location for our

new office. A sustainable site has been secured, with recruitment

(both internally and externally) underway and on track to be

operational in 2023.

To drive this accelerated launch, our experienced leadership

and implementation team have developed local relationships

with universities to attract the best skills that will complement

recruitment of experienced hires, alongside our global delivery

capability, and help deliver existing and new services to clients.

This launch of a global delivery centre has required us to rollout

a new scheduling system, Kantata, to our US region as the

precursor to a global rollout. Putting this system in place will

allow us to seamless schedule and allocate work from clients in

any region to any of our global delivery colleagues, whether they

are based in Manchester or Manilla.



Link to risks:

Strategy

Cyber and information security

People and partners

Quality and delivery

Creating distinct and relevant brands for our

Cyber Security and Escrow businesses

What we said we would do:

In February 2023, we announced we would create distinct

and relevant go-to-market brands for both our Cyber Security

and Software Resilience businesses. These would help to us

to differentiate and grow our brand profile.

As part of our broader brand and marketing programme, we said

we would increase our focus at key industry events and be more

visible in market, and invest in sustained activity to build and

strengthen relationships at C-suite level in our target markets.

Finally, we said that we would better leverage our world-class

insight and intelligence, such as our regular research from

consultants or monthly Threat Intelligence reports.

What we have done:

We undertook the work to rebrand the Software Resilience

business and it will rollout from January 2024. You can read

more about this on page 34. Work is also underway for our Cyber

Security rebrand.

We’ve invested in significant presence at key cyber events such

as Gartner’s EU Risk and Security Summit 2023, and Black Hat

USA 2023 with bolt-on relationship building activity planned.

In the autumn of 2023, we will launch our own events

programme, for example, featuring our Global Head of Threat

Intelligence, among others, to add value to our clients and the

broader cyber community.

Brands

Link to risks:

Strategy

Innovation and product development

Market and competition

Brand and reputation

Quality and delivery

NCC Group plc 26









Part of the vision for NCC Group is to become a go-to provider

of cyber services for decision makers through a greater focus

on clients, capabilities, global delivery and differentiated brands.

This means being able to leverage the moments when we add value

for our new and existing clients to create greater impact through

offering a broader range of services.

We demonstrate this with a case where we were brought in

to support an international organisation possessing a complex

on-premise and multi-cloud architecture. They had experienced

multiple Cyber Security incidents in recent years and brought

us in to provide consultancy services to consolidate and enhance

their Cyber Security posture quickly.

As part of the consulting services initially requested, our team

conducted a compromise assessment, where we deployed tools

to identify indicators of compromise that threat actors leave during

an attack. This led to us carrying out a high level review of its whole

infrastructure to identify any vulnerabilities that would present

a critical risk to its business operations, examining its external

attack surface (including its public cloud services) for potential

exposure of data or vulnerable services, analysing data sets related

to previous breaches for evidence of undetected data exfiltration.

As a result of this consulting work, the client was able to move forward

with confidence that there were no urgent issues to address before

thinking about the long-term requirements. One of the long-term

critical gaps identified during the consulting review was the lack

of ongoing protective monitoring.

Through our development of Managed Services, we were perfectly

placed to plan and implement a rapid deployment of our NCC Group

Managed XDR service using Microsoft Sentinel and Defender.

The initial launch of this service was completed within five weeks

and addressed the on-premise and high priority cloud infrastructure



organisation and the client is moving forward with its programme

of security improvement in the knowledge its starting position is not

critical, and any new threats will be identified quickly if they arise

through protective monitoring.

We expect in future that much of our growth will come from our

ability to offer and embed a greater variety of services with our

clients. Our strategy enables this by ensuring that our expanding

range of capabilities can be delivered to clients across the globe.

This allows us to build on our historical strengths and create greater

impact for our clients across the full lifecycle of Cyber Security

decisions that they will make.

Read more on our cyber solutions pages 32 and 33

Strategic report

NCC Group plc 27

We are a Company with a unique perspective.

Most Cyber Security business’s operate



advise without having a real understanding







Kevin Brown

COO

28 NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Meet the COO

Q&

Kevin Brown was appointed

COO in June 2023. He spent

20 years in high level UK

policing before moving to

BT in 2012, where he built

a $1bn managed security

services business. Most

recently, he has been

resident CISO for private

equity firm Insight Partners,

leading its “C-suite in

residence” programme

and working with cyber

companies to challenge

and refine their strategies.

Q. What attracted you to NCC Group?

I gave a lot of thought to what I wanted in my next role.

I was looking for three things.

Firstly, I only wanted to join a pure-play Cyber Security business.

This is where my passion lies. Secondly, I was looking for

a company with a clear vision and going for growth. And finally,

it had to have the right culture – somewhere that people were

supported to do brilliant work.

I found all three at NCC Group so in the end it was an easy

decision to make.

Q. What makes NCC Group different?

We are a company with a unique perspective. Most Cyber

Security businesses operate from the outside in – they attempt

to sell and advise without having a real understanding of what’s

going on within a business’s technology infrastructure.

But we operate from the inside out. We are often in privileged

positions where we gain an intimate knowledge of our clients’

challenges through our world-class incident response capability

or ongoing penetration testing. We are trusted to hold the

“tip of the spear”. And this means the subsequent consultancy

and end-to-end support we deliver is designed around the

specific needs of each client. This really sets us apart.

Q. Where do you see the biggest opportunities?

We are building out a set of services that will act as a natural

flywheel. There’s a sequential nature to what we do – one

informs the other and allows us to create deeper relationships

with our clients.

We have all the constituent parts, as well as from some of

the most significant businesses globally. This is simply about

knitting each element together – and we are already taking

some very meaningful steps forward.

Q. How do you view the global opportunity for

NCC Group?

We are already an international business. We have fantastic

client relationships and incredible talent in every major market.

The opportunity for us lies in greater global consistency –

ensuring shared best practice across markets – and flexibility

in resourcing, both of which will result in an even better service

for clients. Our new global delivery centre in Manila is a prime

example of how a global approach can make our business more

efficient, agile and scalable.

Strategic report

29NCC Group plc — Annual report and accounts for the year ended 31 May 2023

It’s in our DNA



The world around us continuously evolves and

so must how we operate to stay at the cutting

edge of our industry. We think forward, we adapt

and we’re not afraid to take calculated risks.

For our clients this means access to the latest Cyber Security

solutions that offer them peace of mind, knowing that, working

in collaboration, we’ll always be scanning and preparing for

threats to ensure their business stays operational.

30 NCC Group plc — Annual report and accounts for the year ended 31 May 2023



In focus

NCC Group drives for innovation, to improve

the security of the industry, our capabilities

and the way that we support our clients

Strategic partnership

Innovation thrives in the land of collaboration, which is why we have

built strategic relationships with industry leaders, allowing us to quickly

integrate cutting-edge technologies and capabilities into our solutions

providing well-rounded competitive offerings.

Expert Cyber Security professionals

Our Company strengths lie in the proficiency of our Cyber Security

experts. We lean upon this core strength to innovate our product and

services to provide continuous consultant-led solutions.

As an example of this, we continue to evolve our threat intelligence

capability to help our clients and the broader cyber community dealing

with the rapidly changing risk landscape. Our insights have been cited

in the press and clients are increasingly looking to us for intelligence and

advice and insights on their exposure and response. This has culminated

in our newest threat intelligence service, Online Exposure Monitoring.

Online Exposure Monitoring is an example of how we’ve built a partnership,

fed requirements and utilised our internal experts to create a new innovative

service that fits with our wider portfolio to solve multiple client problems.

Online Exposure Monitoring provides a lens that looks from the inside

out, creating continuous visibility into a client’s digital risk.

Our Company strengths





Siân John

CTO

How innovation supports our strategy

Strategic reportStrategic report

31NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Our solutions



INCIDENT RESPONSE MANAGED SERVICES

Our global response capability provides immediate

support to clients under attack and in preparing for attacks.

In the event of an attack our service minimises disruption

to their business, mitigates threats, protects valuable data,

reduces financial loss and safeguards reputation by swiftly

identifying, containing and recovering from cyber attacks.

Impact

Sector: IT/technology

Challenge: Highly sophisticated threat actor had

maintained elevated access over considerable part

of the environment for months.

Solution: NCC Group enabled the client to increase its

visibility in the environment while tracking the threat

actor’s activity and reverse engineer its custom tooling

to achieve a successful eradication outcome.

Value: The full extent of the compromise was identified,

and the threat actor was successfully removed from the

environment. The client improved its overall security

posture and additional recommendations to further

fortifyxthe environment were provided, as well as

additional reports to satisfy any enquiring authorities.

Revenue sources

•

Non-recurring revenue but is an entry point for other

services that we offer

Strategic objectives

•

Continue to evolve and maintain the high quality

we have today of this critical, niche service

Our managed security services are known for delivering

high quality, consistent protection, informed by our

world-class threat intelligence. Our clients can expect

us to deliver solutions fit for their unique environment,

presented transparently. The outcome is real time threat

protection against a very sophisticated group of bad actors.

Impact

Sector: Education

Challenge: Ireland’s National Education and Research

Network organisation, HEAnet, was looking for a partner



to support the Irish education sector’s fight against

cyber crime.

Solution: Building on a similar engagement for the







and security operation centre services, along with

rapid intelligence sharing.

Value: We provide a critical support service to HEAnet’s

offering to over 30 educational institutions in its network.

With our integrated, collaborative alert system, and ongoing

monitoring, HEAnet is able to provide institutions with the

knowledge they need to build strong defences and quickly

respond to evolving threats.

Revenue sources

•

Largely recurring revenue

Strategic objectives

•

As a future growth driver we are investing to enhance

our offer to increase annual recurring revenues, and gain

a larger share of our client’s Cyber Security spend

NCC Group plc 32

CONSULTING & IMPLEMENTATION TECHNICAL ASSURANCE

Our Cyber Security experts work in collaboration with

our clients to identify potential vulnerabilities, develop

a strategy to mitigate these weaknesses, and then execute

the plan to strengthen the overall security posture to

protect valuable assets from potential threats.

Impact

Sector:

Challenge: Group executives lacked confidence in an

external security review and wanted an expert technical

opinion to drive security spend.

Solution: We baselined their technical capability and

researched their threat landscape. We expanded our

review into a comprehensive understanding of their

system security and produced a roadmap for security

investment and capability development.

Value: Provided peace of mind and a solution to reduce

the client’s attack surface, removed system vulnerabilities,

increased security awareness, and improved its ability to

monitor for and respond to threats.

Revenue sources

•

Non-recurring revenue but with potential for other services

Strategic objectives

•

As a future growth driver, we are investing in broadening

our portfolio of Cyber Security consulting services so

that we can better advise clients on their cyber risk

strategy and then help them implement technologies

and supporting processes that mitigate their cyber risk

We provide clients with proactive defence of their digital

assets through vulnerability assessment, penetration

testing, sophisticated adversary simulation, staff training,

third party assurance, and constant compliance and

security monitoring to enhance their system resilience

and data protection.

Impact

Sector: Technology

Challenge: The client lacked security coverage and

needed a partner to provide manual testing services and

manage critical vulnerabilities with remediation testing to

verify fixes were in place.

Solution: We provided the client with 24/7 coverage from

our global team, focusing on security testing and providing

reliable and effective coverage to help maintain the

security of its applications, as an extension to the in-house

security team covering multiple time zones and technical

specialities.

Value: The client had access to a global team of skilled

testers bringing diverse expertise and knowledge to

address potential security vulnerabilities. As a result

it reduced pressure on the in-house team and avoided

costly recruitment costs by outsourcing the capability.

Revenue sources

•

Non-recurring revenue but with potential for

other services

Strategic objectives

•

Invest in our core Technical Assurance capability,

including our continuous, always-on testing proposition

Strategic report

NCC Group plc 33

Our solutions continued



ESCROW AGREEMENT ESCROW VERIFICATION

An Escrow Agreement is a simple and effective tri-party

arrangement with mutually agreed terms between the

software customer, software supplier and NCC Group.

Under the Escrow Agreement, the supplier periodically

deposits a copy of the software source code and

associated materials for secure storage within NCC

Group’s secure physical or virtual vaults, ensuring that the

material can be accessed and released should the need

arise. In the event of a release, the software customer

can utilise the escrow deposit to maintain the software,

working from the source code, whether that be in house

or by engaging with another supplier.

Impact

Sector: Renewable energy

Challenge: When solar energy pioneer BrightSource

wanted to develop large-scale innovative projects, its

partners and bankers needed insurance against any

potential risks that may disrupt the smooth construction

and operation of its plants.



IP escrow and verification added a level of reassurance

at every stage with key project milestones included tied

to the release of project funding.

Solution: To meet the needs of both BrightSource and

investors, NCC Group and BrightSource worked together

to develop a tailor-made business continuity and risk

management solution to allow investors to witness

important developmental stages themselves and to have

access to important documentation should the need arise.

Revenue sources

•

Recurring annual revenue through contract renewal

Strategic objectives

•

Increase our footprint in key growth areas of North

America, Australia and the critical infrastructure market

Software Escrow Verification tests the source code and

material held under the Software Escrow Agreement to

ensure it is correct and complete and can be rebuilt into

the working application, providing a higher level of

resilience and business continuity assurance.

Impact

Sector: Financial services

Challenge: One of our customers, a multinational systemic

bank, had two challenges:



scenarios where supplier was no longer able to provide

support for software deployed in house



process was a successfully stressed exit plan as

required by the PRA SS2/21 outsourcing and third

party regulation

Solution: An Escrow Agreement had been in place for

several years, but the appropriate level of verification had

not yet been completed. To meet the requirements of the

PRA SS2/21 regulation, a complete end-to-end Escrow

Verification was completed. This was conducted in a

clean environment at NCC Group, without reliance on

the software owner’s infrastructure, using the deposit

materials collated as a result of an Entry Level Verification.

Value: All results were documented in a comprehensive

report and distributed to all stakeholders. Successfully

delivering this verification demonstrates the scenario

of a release event and ensured that the application could

be built from the source code.

With the escrow arrangement and the confirmation of the

Independent Build Verification, the bank has the peace

of mind that it is compliant with the PRA requirements

and has a tried and tested plan, should anything happen

to its supplier.

Revenue sources

•

Recurring annual revenue through contract renewal

and a schedule of verification tests

Strategic objectives

•

Continue to increase our verification attach rate

to Escrow Agreements

NCC Group plc 34

Meet the Global Managing Director



Q&

Andrew was appointed as

Global Managing Director

for NCC Group’s Software



business in November 2022.

Before joining NCC Group,

Andrew was CEO of the then

AIM-listed Tungsten Network,

and Group Chief Strategy and

Transformation Officer of IWG

plc (formerly Regus). Prior to

that, Andrew held a variety

of leadership roles within the

technology sector, at Dell

Computer Corporation and

Toshiba Information Systems,

having begun his career

with IBM.

Q. What have you learned since joining NCC Group?

My greatest learning has been that the Software Resilience

business has more untapped opportunity than I realised.

In any business where revenue has plateaued, you expect to

find operating model inefficiencies. The ability to address these

comes down to the support from the Board, from the ExCom,

our people and our clients. I have found that in abundance,

with everyone becoming involved in, and committed to,

delivering sustainable growth through a plan that addresses

those operating inefficiencies to build the right foundations

that underpin growth. The future growth of the Software



client at the centre of all that we do, radically simplifying our

processes and utilising new and emerging technology to

deliver an enhanced client experience.

Q. What are your achievements of note since stepping

into the role?

As a team, I am proud that we returned the business to growth

in H2 FY23 by focusing our sales and delivery teams on a single

objective – which was to meet the needs and requirements of

our clients. Overburdened with priorities, this was achieved

through identifying and focusing on the “critical few actions”,

which are transformative to our business, our bottom line and

our client experience. These included improving internal

communications, developing and launching a roadmap

to simplify our processes, and building and implementing

a credible growth plan.

We have witnessed a strong increase in colleague engagement

over the period and I am incredibly proud of not only what the

team has achieved, but the drive to be innovative in what we

deliver to our clients. Today, we have a team who believe in

themselves and in the value they are adding and who are

passionately committed to our clients and to achieving growth.

Q. What makes NCC Group’s Software Resilience

business different?

Without question our people, our offerings and our clients.

At the heart of our organisation are the teams that sell to,

support and deliver for our clients. I have spent a great deal of

time getting to know the team and listening to their input, which

has been used to help shape our change agenda. The commitment

and passion the team show continues to make me proud to have

each of them within the organisation.

Our product portfolio is impressive, not just software escrow,

but extending into many related products and offerings, which

are some of our best kept secrets. In FY24, we need to be far

more vocal about what we offer and what we can do to meet

our clients’ needs.

Our clients are highly innovative and working with them has

enabled us to change the way that we work to help deliver the

right solutions to them at the right time. At the end of the day,

our clients want to feel protected, safe and reassured that they

are receiving the best levels of service and that their needs

matter and are being answered.

Strategic report

35NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Q. Where do you see the opportunity for

Software Resilience?

I believe the future for Software Resilience is bright. There is

opportunity within our existing client base and within the existing

market whitespace for acquiring new clients, and within new and

emerging markets, and we have new and emerging products. What

we need to maintain is a planned and focused approach, which

gives a rigorous approach to the way we manage and develop

our business. We will deliver on our simplified, scalable business

model to underpin our ability to realise the market opportunities.

Q. What are the key initiatives for FY24?

In FY24, we will continue to invest in simplifying our processes;

we will retire several duplicated systems, enabling us to have

a simplified and more effective client journey. We will build out

our presence in our existing markets, while also growing our

presence in both Europe and Asia. Another focus area for us

will be to expand our product portfolio and identify key market

adjacencies to further drive growth.

Added to this, we will launch our new brand, which will see us

move away from the Software Resilience name, amplifying our

brand presence and creating a distinct and separate brand

from NCC Group’s Cyber Security business.

In all, FY24 will be an exciting year for the business, as we

demonstrate what the team is truly capable of.

Q. How would you describe how the Software

Resilience business contributes to the performance

of the Group?

Our profitability and recent flat revenue performance clearly

make us a cash cow for the Group; however, with our team,

our client base and our growth plan, we can be so much more!

Q. How well known is Software Resilience in the

market?

It’s a little-known fact that NCC Group is the creator of software

escrow as a service, and today we are the world’s largest

software escrow provider. We protect and verify code for some

of the world’s leading companies and Government

organisations. But we don’t tell people enough – now all that’s

about to change! Back in February 2023, Mike Maddison, our

CEO, said that NCC Group would create distinct brands for both

the Cyber and Software Resilience businesses. I’m pleased to

say that as of now, we are on the cusp of rolling out our new

brand for escrow.

Q. What will be the new brand for Software Resilience,

and what difference do you think it will make?

I’m really excited about our own distinctive brand, Escode, that I

think will help us to differentiate and stand out in the market.

Visually it’s striking, but a brand is so much more than that. This

creates the opportunity for us to build our own identity, to

reconnect, and to engage with customers past and present,

helping us to build a better connection and creating an

opportunity to tell our story.

Q. When will we start to see the new brand in

the market?

We unveiled our new brand to colleagues in September 2023,

and expect Escode to be rolled out, including a new website,

early in 2024. Exciting times!

Meet the Global Managing Director

 continued

I believe the future for

Software Resilience is bright.

There is opportunity within





whitespace for acquiring

new clients, and within













36 NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Our new centre in Manila

37NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Strategic report

It’s in our DNA



We use, analyse and interpret the

vast amount of data we collate to make

strategic decisions – for our own business

and that of our clients through the solutions

we offer. We use technology, data and

machine learning to make smarter, data-

driven decisions, to operate efficiently

and predict trends.

The value to our client comes from our ability to

turn that intelligence into smart solutions. And while

we utilise artificial intelligence and other technologies

to deliver services at a faster rate, and lower cost, it’s



a higher quality and trusted service to our clients.

38 NCC Group plc — Annual report and accounts for the year ended 31 May 2023



How intelligence supports our strategy

Strategic report

In focus



60 unique data feeds – helps our clients defend against the latest



We’re constantly assessing, investigating and aggregating threat

intelligence from the dark web, research and our learned insights

from client engagements across the globe.

Our intelligence provides for the deployment of defences against

the latest attacker techniques and IOCs.

Our clients are able to leverage NCC Group’s advanced threat

intelligence which feeds directly into our custom threat detections.

With a local presence in all

continents around the world,











Siân John

CTO

Strategic report

39NCC Group plc — Annual report and accounts for the year ended 31 May 2023



We believe we have a responsibility to listen to our stakeholders,

considering all their needs, and using insights and learnings to improve

how we make important decisions. Our Code of Ethics guides us,

informing and helping us to build enduring and trusted relationships.

Listening insights are used to inform decision making at every level

of the organisation.

Stakeholder engagement

Link to strategy:

Our clients

Our capabilities Global delivery



Colleagues

The opportunity

•

Know they are contributing to our success

•

Feel confident they have the skills to do their job or are

supported to learn on the job

•

Know what is expected of them through structured

and fair performance management process

•

Have the opportunity to grow their career through our

learning and development offering

•

Spend quality time with their line manager and feel listened to

How we listen and engage

•

Regular virtual and in-person meetings at different levels

in the organisation with line managers and Executives

•

Internal news and collaboration channels to connect

colleagues to what is happening and also enabling them

to easily share approved content

•



where appropriate

•





Highlights in 2022/23

•

Launch of new Talent Partnership Framework to attract

diverse talent – entering into partnerships with Women





•

Launch of a global Speak Up policy to provide clear guidance

and signposting to colleagues across our global teams

•

Scoped and planned launch of gathering of diversity data,

due to launch in FY24

We are a people-led, tech-enabled business and our colleagues around the world each play an important role in helping to make

the digital world safer and more secure.

Clients

The opportunity

•

Using our research and intelligence expertise to understand

the threat and how that affects our customers’ operations

in their sector

•

Using our insights to develop “right-fit” solutions, which

improve and enhance our customers’ current and future

cyber resilience

•

The ability to work collaboratively with our clients, their

partners and broader supply chains

•

Horizon scanning regulations and legislation, and

contributing to government consultations based on

understanding of future market needs

How we listen and engage

•

Active account management

•

Client satisfaction surveys and complaints procedure in

place Industry collaboration with investment in sector-based

approach to understand and mitigate risks of current and

future technologies

Highlights in 2022/23

•

Streamlined our market approach implementing a sales

structure aligning our major regions by verticals. Smaller regions

have been strategically aligned with a country-centric focus

incorporating elements of the vertical structure where suitable.

This forms a crucial part of our commitment to meet our clients’

needs more effectively across various geographies and sectors

Rooted in our sector knowledge, we develop solutions tailored to the unique needs of our clients. Bringing our in-depth

understanding of the threat and regulatory landscape, we assist our clients in addressing their complex Cyber Security challenges.

NCC Group plc 40

Shareholders

Our network

The opportunity

•

Financial performance

•



•

Responsible long-term sustainable strategy

•

Sound corporate governance and stewardship

How we listen and engage

•

Strategic and financial updates issued via RNS Reach

and RNS respectively

•

Regular meetings with investor relations, management

and Board members

•

Investor roadshows after the full and half-year results

•

Open-door policy with investors

•

AGM

Highlights in 2022/23

•



Relations in January 2023

•

Implementation of investor management system –



with both shareholders and analysts

•

New strategy launched in February 2023, with investor

roadshow to build deeper understanding of our vision

•

Following our trading update in March 2023, the management

team offered shareholders the opportunity to meet to discuss

what had happened and further engage how the new

strategy would address concerns

The opportunity

•

Building on our technology heritage and our role as trusted

advisors to governments and regulators we provide independent,

technical expertise to improve cyber resilience policies

•

By understanding and shaping new and emerging regulations

and policy proposals we can develop the right solutions to

prepare for our clients’ future needs and requirements

How we listen and engage

•

Building alliances with global think tanks and foundations,

trade associations and campaign groups to pool resources,

amplify our messages and maximise impact

•

Strategic relationships with national technical authorities,

and support for government initiatives across all our regions

through direct engagement

•

Representation on senior government advisory panels

Highlights in 2022/23

•

Engaged with regulators around the world to advocate for



in Canada, Switzerland, the UK and India, paving the way



support compliance

•

Joined the United Nations’ intersessional consultation

on a new cyber crime convention, making recommendations

on how to improve international collaboration between law

enforcement authorities, promote cyber capacity building,

and protect the contribution of the industry in tackling

cyber crime

We are committed to engaging with our shareholders, creating an opportunity to understand our business, the market, how we

are responding and the opportunity to secure growth.

Our expertise plays a pivotal role in shaping evidence-based policy decisions. By adopting a proactive engagement approach,

we harness our insights to contribute meaningfully towards a more secure digital society and differentiate ourselves in the market.

Suppliers

The opportunity

•

Long-term trusted partnerships facilitating sustainable

overhead cost reduction and cost of sale margin improvement

•

Fit for purpose contracts and payment terms, ensuring a safe

and responsible supply chain with suppliers delivering to

acceptable service levels and protecting NCC Group from

any long-term commercial inflation

How we listen and engage

•

Regular meetings are held with key suppliers to help them

understand our strategy and future forecasting of service

•



with suppliers and structured on-boarding process

Highlights in 2022/23

•

Engaging existing suppliers in ESG to support our journey

to net zero

•

Introduction of a consistent global supplier on-boarding

and due diligence process to gain better visibility and control

of third party risks

•

Improved supplier relationship management process

implemented to drive better commercial value, operational

delivery and future innovation

•

Successful progression and management of the Group’s real

estate strategy to provide quality and productive environments

We engage with many different suppliers across our global business and value the role our supply chain plays in supporting

responsible business operations. Our procurement operations have been endorsed in line with industry best practice and we

proactively work with a consolidated supply chain network to drive innovation, deliver commercial value, mitigate risk and improve

operational benefit.

NCC Group plc 41

Strategic report

Culture

At NCC Group we embrace

difference and are connected

by our purpose to make the

digital world safer and more

secure. Across our global

operations we form a

phenomenal network, working

together, collaborating and

innovating to support our clients.

We are guided by our Code

of Ethics and our values,

which define our behaviours

– treating everyone and

everything with respect.

This is the foundation of

our culture and we strive to

create an environment where

everyone is welcome, feels

safe and can be successful.



Our mission unites us as a global community.





many of the world’s leading businesses. Our focus



are supported to be their very best, and they feel

empowered with managers and leaders who inspire

them. We provide clarity on their role and as





Above all, we give colleagues the opportunity to

follow their vocation and say with conviction that

what they do makes the digital world safer and



Michelle Porteus

Chief People Officer

Our values

We work together

We have each other’s back

We are brilliantly creative

We look at things differently

We embrace difference

We respect each other

We take responsibility

We get things done in the right way

42 NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Wellbeing

Our work can be exciting and intense, delivered by passionate,

committed teams. We recognise the level of focus required to

deliver to high standards, and acknowledge that the pressures

of external and internal factors, when combined, can lead to

burnout. We’ve come through a pandemic where the focus was

very much on mental and physical wellbeing, into some challenging

economic headwinds – not just for NCC Group but also personally

for colleagues. This year we enhanced our wellbeing programme

to cover financial wellbeing too. As we headed into the Group’s

first redundancy programme in February 2023, the support was

welcomed by those impacted, and their teammates who remained.

Mental wellbeing

We have a global network of trained Mental Health First Aiders,

who provide support to their colleagues as required or requested.



in place for colleagues around the world, as well as on the ground

support through the people team. All managers are offered training

in mental health awareness and throughout the year we run

various colleague engagement campaigns to ensure that

it’s always okay to talk about mental health.

Physical wellbeing

As we continue to evolve how we work, we have made decisions

to close offices and embrace hybrid working practices for those

close to our main office hubs. Colleagues are supported financially

to set up their homeworking space, to ensure they are operating

in a safe environment.

In the US, we changed the policy for new colleagues, to enable

them to access negative vacation of up to 40 hours within their

first six months (a period that is normally used to accrue future

time off) and putting emphasis on the balance of work and time

away from the business, ensuring they are empowered to take

time off to rest and recharge as needed.



Buy Scheme – to enable colleagues to purchase up to five



In addition, long-service colleagues received additional days

off added to their annual allowance with the first milestone for

an additional day being four years.

Financial wellbeing

In the US we ran our first financial wellbeing week providing

colleagues with an extensive programme of support on personal

budgeting, saving for the future, retirement and much more.

We also introduced a wellness bundle that supports financial,

physical and mental wellness.

Our UK financial wellbeing programme included introducing new

mortgage broker benefits and free one-to-one pension adviser

meetings as well as a host of other internal and external

resources for colleagues to access.

In Spain we ran two external training sessions to help colleagues

learn how to manage stress and build financial resilience.

Bringing it all together we also launched Perkbox, a global discounts

and perks app which also includes access to a wellbeing hub.

Professional development

NCC Group has become a hub for talent, a place where people

can develop personally and professionally. We offer a broad

range of career options across our technology, sales

and professional practices. We strive to create an inclusive

environment to grow, and we have an embedded transparent

performance management process to support this.

Performance management

Colleagues and their managers are encouraged to meet on

a regular basis to review performance, with a formal documented

review at the half and full year.

The performance review plays an important role in supporting

colleagues’ personal development opportunities, while providing

role purpose and clarity. Career paths guide options, and our

commitment to internal mobility and the open approach to

vacancies support our ambition to retain our talented teams

and enhance careers within the Group.



64 colleagues took up new roles within the organisation,



Learning and development

In FY23 we brought the local training teams together as one global

team to enhance our learning and development programme. The

team is focused on building capabilities to support our move to

a global operating model – we’ll continue to invest in career paths and

equipping colleagues with the tools and knowledge to develop their

own careers, supported by our performance management process.

NCC Group plc 43

Strategic report

Culture continued

Professional development continued

Colleague engagement

In 2022 we decided to move away from the annual colleague

survey to a more progressive way of measuring sentiment

on a quarterly basis. We partnered with Glint, the LinkedIn

engagement programme, with the benefits of managers having

direct access to results (while still preserving anonymity of

participants) and being empowered to own the results, the

conversation and actions locally with their teams.

This regular pulse is critical while NCC Group moves through this

phase of transformation in the next chapter of the strategy and

provides the executive team with a rounded view on how colleagues

are feeling. Other sources of feedback are also sought, and this

includes regular and very successful listening sessions hosted



local town halls, as well as the team meetings and one-to-one

sessions as part of the performance management process.

We use these sessions to encourage discussion and opinion

on executive remuneration and how this aligns with the wider



where the information can be located and answers any questions

as they arise.

In the UK, Spain and Australia we operate colleague forums, where

colleagues are elected by their peers to meet with management

on a regular basis to discuss what’s on their minds. And in the

Netherlands, colleagues have appointed representatives forming

a Works Council.

With the implementation of our new strategy and changing



colleague recognition scheme with the aim of relaunching

it in the second half of FY24.

Diversity and inclusion

We want to create an environment where all colleagues feel

psychologically, emotionally and physically safe to be authentic,

share their personal experiences and have equal opportunities

to achieve, and that is representative of the diversity of the

world they live in.

In 2020 we established our colleague resource groups in support



Race and Ethnicity, and in 2022 we also launched an Accessibility

group. Each of the groups has a people team partner who supports

it in running engagement activities and making change happen.

Our colleague resource groups have been actively engaged in:

•

Reviewing and editing our US and Canada Colleague Handbook

•

Enabling the choice in use of pronouns in Workday – our HR



and across our Microsoft tools

•



enable us to benchmark where we are today and track year

on year improvement

•

Changing the US holiday calendar from 2024 to enable



to Juneteenth being observed from 2022

Colleague Resource Groups continue to actively create

engagement opportunities for the wider community, bringing

everyone together to learn, embrace and celebrate differences.

Gender diversity

As a UK-based company we see the requirement to publish

gender pay gap figures as a positive indicator of our progress

towards a fully inclusive workplace. From 2022 we extended

this practice to include North America and the Netherlands.

We are seeing steady progress but not as fast we would like it to

be. Pay gaps exist because genders are not represented equally

at different levels in the Company – not because we’re not paying

equally. NCC Group still has too few women at senior levels of the

organisation and while female representation has significantly

improved, and we see women moving from lower pay quartiles

to upper pay quartiles, we know there’s still much more to do.

Improving gender representation really matters to us. Overcoming

the barriers of inclusion to achieve a gender-balanced workplace

will take time and sustained effort, underpinned by a plan to drive

change. We remain committed to progress on inclusion for the

longer term, both for our current colleagues and future talent

coming into our industry.

Male

Female

Undisclosed

* Includes the CEO and CFO.

Direct reports to the Executive Committee



45%

55%

Board



37%

63%

Executive Committee*



44%

56%

Group



25%

73%

New hires in FY22



26%

65%

NCC Group plc 44

NCC Group has

become a hub for

talent, a place where

people can develop

personally and



Strategic report

45NCC Group plc — Annual report and accounts for the year ended 31 May 2023

As a part of our commitment to bolstering sustainability, this year

marks an important milestone in our journey. We partnered with

Ever Sustainable to undertake a comprehensive materiality

assessment. This initiative has granted us the chance to engage

directly with our colleagues, clients and shareholders, and the

broader industry to benchmark our current standing, define our

future priorities and integrate sustainability deeply into our operations

Upon completion of the materiality assessment, we proudly

present our inaugural sustainability strategy, available in our

detailed launch report.

Making the digital world safer and more secure

We recognise the paramount importance of Cyber Security as

the world becomes more connected and relies on technology

to progress. As a people-driven, technology-empowered global

Cyber Security and Software Resilience business, we provide

solutions that aim to make the digital world more secure and

resilient. Our focus extends from cutting-edge technologies

critical to achieving net zero transition plans, to fortifying existing

technologies against potential cyber threats. It’s what we

do every day for our clients.

To further share our expertise, we developed a global giving back

programme. This initiative empowers our colleagues to actively

protect our local communities and fosters the next generation

of cyber talent through partnerships and sponsorships.

Delve into our business model on pages 14 and 15

Explore our sustainability strategy launch report

The change begins within

Recognising the vital role of sustainability, we assigned

a Board member, Non-Executive Director and Head of the Audit

Committee Lynn Fordham, to be responsible for sustainability

in January 2023. Last summer, the Board took part in a workshop

with our climate partner, Planet Mark, and now, with our new

sustainability strategy in place, we are ready to enhance

sustainability engagement at every level of our organisation.

Expanding our Climate Change Working Group to support TCFD

reporting, we are setting in motion a structure wherein each key

area identified in our sustainability launch report has executive

ownership and associated KPIs. This will enable us to measure,

track and report our progress, in alignment with our overarching

business strategy.

Read more on our strategy on pages 24 to 28

We are wholly committed to doing



















Mike Maddison

Chief Executive Officer

Non-financial and sustainability information statement

Championing sustainability

through strategic action

NCC Group plc 46

In preparation for reporting against the European

Union Corporate Sustainability Reporting



independent materiality assessment that sought





the Company’s activities have an external impact.

This double materiality approach enables us

to consider both the risk and the opportunity.

Methodology

Based on the insights we have gained over the past few years

from our stakeholders – from rating agencies to colleague surveys

and client bid requests – we decided to assess impact against

26 topics across environmental, social and governance factors.

It was important to us that we didn’t restrict this list or close out

any risks or opportunities, and we gave stakeholders further

opportunity to comment on anything they thought was missing.

The assessment process sought to integrate industry research,

risk, opportunity and impact analysis and insights gained from

the stakeholder engagement process. These were then converted

into quantitative scores where possible.

NCC Group plc 47

Strategic report

Key:

Social

GovernanceEnvironmental

Diversity and inclusion

GHG emissions

Data privacy and ethics

Professional development

Cyber Security

Employee mental health

and wellbeing

Employee engagement

1. MAXIMISE

Significance to stakeholders

Impact on the business/external impact

Energy management

Waste and e-waste

Labour practices

and human rights

Product accessibility

and inclusion

Social value

Product design and

lifecycle management

Community outreach

Anti-bribery

and corruption

Product security

Biodiversity loss

Employee

engagement

Employee mental

health and wellbeing

Data privacy

and ethics

Diversity and inclusion

Professional development

GHG emissions

Cyber Security

Selling practices and

product labelling

Climate adaptation

Systemic risk

management

Sustainability

awareness

and capability

Product innovation

and impact

Digital capabilities

and access

Executive

remuneration and

incentivisation

Opportunities

in cleantech

Supply chain

management

3. MANAGE 1. MAXIMISE

2. MITIGATE4. MONITOR

Taking a multidimensional approach to materiality

Labour practices

and human rights

Energy management

Waste and e-waste

3. MANAGE

Social value

Product accessibility

and inclusion

Community outreach

Product security

Anti-bribery and corruption

Product design and

lifecycle management

Selling practices and

product labelling

Biodiversity loss

4. MONITOR

Supply chain management

Executive remuneration

and incentivisation

Product innovation and impact

Opportunities in cleantech

Sustainability awareness

and capability

Digital capabilities and access

Systemic risk management

Climate adaptation

2. MITIGATE

Non-financial and sustainability information statement continued

Taking a multidimensional approach to materiality continued

In assessing the relative importance of the topics in our materiality assessment we used the following process:

Prioritising topicsAssigning valuesSetting the scope

Step 1

Define and decide the final list of

topics keeping scope broad enough

to capture the best possible picture.

Step 2

Identify the main risks, opportunities

and impacts of each topic.

Step 3

Assign values for outward and inward

impacts and a likelihood rating for risks

and opportunities associated with

each topic, combining to define a final

impact value to plot on the X-axis.

Step 4

Input outcome of stakeholder

engagement with each topic scored

on its significance to the stakeholder

group, weighted on importance and

size of the sample group.

Step 5

Map each topic onto a matrix to help

visualise the relative importance.

Step 6

Prioritise the topics, linking to the

NCC Group purpose, vision and strategy

to determine where resources should

be allocated to have the greatest

impact, minimise risks and maximise

opportunities for the business.

Using materiality to drive strategy and impact

The materiality assessment helped us to identify what environmental, social and governance issues were most material

and significant to our business and stakeholders. We looked at the topics plotted on the matrix through four lenses to

do this and to identify areas to maximise, mitigate, monitor and manage.

Significance to stakeholders

Impact on the business/external impact

3. Manage

•

Engage with stakeholders to gather views

on the issue

•

Disclosure level determined by

regulation/stakeholder feedback

1. Maximise

•

Issues that are core to the sustainability strategy

•

High level of disclosure to demonstrate ambition

and progress

4. Monitor

•

Monitor the issue for changes to materiality

•

Lower level of disclosure

2. Mitigate

•

Build understanding and internal capability

to mitigate potential impacts

•

Transparent disclosure needed

NCC Group plc 48

The materiality assessment is just the start, and we will now

develop specific goals and targets within our control in line

with our business objectives and stakeholder expectations.

Enhancing our approach to sustainability enables us to mitigate



growth and innovation – something that is at the heart of NCC

Group’s DNA.

page 16

With a new framework, informed by the materiality assessment,

we will continue to improve not only how we report and adhere

to reporting regulations, but more importantly how we continue

to drive responsible business practice.

The full detail of this and how that led to our new framework

can be found in the sustainability strategy launch report.

Securing our future

We firmly believe that our purpose and approach to sustainability

are intertwined, ultimately securing our future as a business.

Central to our purpose is the drive to make the digital world

safer and more secure, building a global Cyber Security and

Software Resilience capability that enhances and advances

sustainable development.

Sustainable development relies on the adoption of digital

technologies. The transition to a greener, more equitable

and inclusive society manifests through the development

of innovative solutions such as smart cities, renewable energy

grids and clean transportation, as well as the accessibility

and widespread adoption of remote education and healthcare

solutions. However, these transformative benefits can only

be fully realised when these digital solutions are resilient

and trusted, which requires robust Cyber Security measures.

By advancing Cyber Security solutions and capacity building,

we are facilitating a secure digital space that allows for the

full potential of these sustainable initiatives to be unleashed.

This makes Cyber Security not merely a defensive measure

but a proactive enabler of progress and development.

Our purpose to make the digital world safer and secure transcends

all five pillars of The United Nations Global Goals – peace, prosperity,

people, the planet and partnerships. Digital transformation is a





safer, fairer world for everyone, in our increasingly digital lives.

Our purpose and our vision as a people-led, tech-enabled

business position us as an essential partner in digital

transformation and sustainable development.

NCC Group plc 49

Strategic report

Climate action

Non-financial and sustainability information statement continued





and Scope 3 emissions were calculated and verified by Planet

Mark in line with the GHG Protocol Corporate Standard. Planet

Mark calculated this from verified third party data and invoices

as part of our overall carbon certification. Note the certification

has not been independently audited by KPMG.

Scope 3 emissions for transmission and distribution, and travel

distances were calculated using the units of energy consumption

and travel distances provided respectively, multiplied by the

relevant BEIS emissions factors. Some conversions were used,









colleagues but neither received the response rate required

to provide accurate benchmark data for their respective

calculations. Our priority in FY24 is to improve on this with

an engagement plan.

In FY23 we committed to improving the data collection process

required from landlords. We significantly improved the number of

offices in our calculations through improved landlord engagement,

as well as extending coverage of our external data centres.

We have outlined our commitment to decarbonisation and our

continuing net zero journey in our new sustainability strategy -

and this includes focusing on including the relevant Scope 3

categories in future reporting. Once we have an accurate report

on our emissions, we can then work with Planet Mark, and other

experts where applicable, to set credible, science-based targets

to achieve net zero before 2050.

The reporting period is aligned with our financial reporting year



for which NCC Group is directly responsible. Having considered

the production metrics within the business, we have concluded

that annual turnover is the most appropriate to achieve

a benchmark, which aligns with the carbon reduction policy

and methodology we will work towards in FY24.

Our benchmark was set against a year still impacted by

restrictions on travel caused by the global pandemic, and

therefore this year we’ve observed an increase in travel and

office usage. This has led to a temporary rise in our overall

carbon intensity.

As a people-led business, this revitalisation of travel and

face-to-face time was essential, and this is something impacting

other businesses too. Despite the overall increase in emissions

we were successful in reducing emissions per colleague by

4.6%, which is one of our metrics as we mature our carbon

disclosure reporting capability.

Our focus continues on improving data, to fully understand

the

source of our emissions, and to enable us to set credible,

science-based reductions to achieve net zero before 2050.

By net zero, we follow the guidance from Planet Mark, which

ligned to the principles of the Science Based Targets initiative



absolute emissions across all three Scopes by at least 90%.

Read more on our journey to net zero in our sustainability strategy

launch report

2020/21

999

2021/22

298

2022/23

979

Electricity and heat

and steam (tCO



2020/21

125

2021/22

2022/23

189

Gas (tCO



2020/21

2022/232021/22

Company owned cars (tCO



2020/21

135

2022/232021/22

Business travel (tCO



Electricity: 74%



Heat and

steam: 1%



Natural gas: 9%



Company car

travel: 6%



Business

travel: 10%





Emissions by type 

NCC Group plc 50

Total GHG tCO

Source  2022 2023

tCO

change

from

year

% change

from

year

Scope 1

Gas 80.0  124.7  

Company vehicles

Diesel 22.6 5.2 3.0  

Petrol 24.2  12.3  485%

Hybrid — 4.0 —  

Fleet fuel – petrol — — 43.0 43.0 —

46.8  58.3 47.0 

Total Scope 1  200.4 183.0  

Scope 2

Electricity 297.8 924.5 979.0 54.5 6.0%

Heat and steam — 4.9 19.8  304%

Company vehicles – electric —  13.7  

Total Scope 2 297.8  1,012.5  9%

Total Scope 1 and 2 424.6  1,195.5 63.8 6%

Scope 3

Business travel  66.7 134.7 68.0 

Transmission and distribution losses — 54.9 52.9  

Heat and steam transmission and distribution losses — 0.3 —  

Fleet transmission and distribution losses — — 0.3 0.3 —

Total Scope 3   187.9 66.0 54.0%

Total Scope 1, 2 and 3 453.7  1,383.4  

Underlying energy use

The table below shows the proportion of energy use that occurs in the UK and non-UK countries alongside the total carbon emissions.

In FY23, 43% of the Group’s energy consumption and 35% of carbon emissions arose from the UK.

FY23 energy use FY23 carbon emissions

Area kWh

% of global

energy use Total emissions (tCO

e) % of global emissions

UK 2,201,099 43% 484.5 35%

Non-UK 2,925,189 57% 898.9 65%

Total 5,126,288 100% 1,383.4 100%

Intensity metric

Total per £m turnover – location based

Amount

Turnover



Total emissions

(tCO



Intensity per turnover

(tCO



    4.00

  335  

Comparison 15.10% 6.30% 10.40% 2.50%



carbon report

on our website

NCC Group plc 51

Strategic report

Non-financial and sustainability information statement continued

Disclosure index





Directive requirements contained in sections 414CA and 414CB of the Companies Act 2006.



Reporting topic

Policies and standards



Annual Report and Accounts

section reference Page Website resources

Climate-related

disclosures

•

Environmental policy

•

Sustainability report

•

TCFD report

•

Principal risks and uncertainties

•

Stakeholder engagement

•

Sustainability strategy

launch report

•

Planet Mark certification

•

Streamlined Energy

Carbon Report

Colleagues

•

Whistle-blowing policy

•

Code of Ethics

•

Disciplinary and grievance policy

•

Sustainability report

•

Stakeholder engagement

•

Remuneration Committee report

•

Our culture



•

Sustainability strategy

launch report

Social and

community matters

•

Modern slavery statement

•

Code of Ethics

•

Supply chain Code of Conduct

•

Giving back policy

•

Matched funding policy

•

Sustainability report

•

Stakeholder engagement 40

•

Sustainability strategy

launch report

Respect for

human rights

•

Modern slavery statement

•

Data privacy policy

•

Global equal opportunities and

diversity policy

•

Sustainability report

•

Stakeholder engagement

•

Culture

•

Sustainability strategy

launch report

Anti-bribery

and corruption

•

Anti-bribery and corruption policy

•

Gifts and entertainment policy

•

Sustainability report

•

Audit Committee Report 

•

Sustainability strategy

launch report

Business model

•

N/A

•

Our business model 

Principal risks

and uncertainties

•

Risk register

•

Principal risks and uncertainties

•

Audit Committee Report



NCC Group plc 52

TCFD reporting helps organisations like ours disclose climate-

related financial risks and opportunities in a structured way.



mandates climate-related disclosure for all UK listed companies

– we have produced a comprehensive TCFD Report. Our report



strategy, risk management, and metrics/targets and the



To ensure consistency across our report, we adhered to section

C of the TCFD Annex, titled “Guidance for All Sectors”.

As a result the following are documented as partially compliant

with further detail available within this report:

•



financial implications of climate scenarios into our financial

planning and in the next reporting period will look to

develop a quantitative scenario analysis and integrate

into financial planning.

•



business travel, electricity and distribution losses, heat and

steam transmission and distribution losses. We continue to

improve data collection from suppliers and understanding of

colleague commuting impacts to enhance our reporting across

other Scope 3 categories, through various planned engagement

activities in the next period.

Each pillar of our report includes a table detailing our current

disclosure and areas of focus for 2024.

Our assessment indicates a low risk of exposure to physical

and transitional climate changes, thanks to our business model.

However, we acknowledge the high importance of mitigating

greenhouse gas emissions, which emerged as a priority from

stakeholder feedback in our recent materiality assessment.

We continue to partner with Planet Mark, a leading sustainability

certification organisation, to calculate, verify and target

reductions in our carbon footprint and support our commitment

towards net zero before 2050.

We recognise the considerable opportunities presented by the

growing climate-focused market. Our collaborations with clients in

industries such as electric vehicles, renewable energy, operational

technology and other climate-friendly technologies underscore

our readiness to seize these opportunities for sustainable growth.

Evolving our sustainability agenda

We are pleased to present NCC Group’s second annual report in accordance



Governance

TCFD recommended disclosure Compliance NCC Group disclosure Focus areas for FY24

Governance

A. Describe the

Board’s oversight of

climate-related risks

and opportunities

Compliant

•

The Board has appointed the Head

of the Audit Committee as the lead

Non-Executive Director responsible

for sustainability. Monthly updates

are provided via the CFO report to the

Board as well as directly from regular



with the Director of Investor Relations

and Sustainability with the full Board,

including an update on progress

against the Group’s goals and targets

where appropriate.

•

The Board takes overall accountability for

the management of climate-related risks

and opportunities and considers them as

part of its overall risk review processes.

For example, the Board (and management



criteria to facilitate conscious decision

making on the location of NCC Group’s

new global delivery centre to support

execution of the strategy.

•

We are in the process of incorporating

ESG criteria into the Group’s budgetary

planning process and financial planning

for FY25.

•

From the 2023 materiality assessment,

set goals for FY24, with at least quarterly

updates through the CFO report, to show

progress against the plan and continue to

mature the process by which the Board will

oversee progress against the targets for

addressing climate-related issues.

•

Meet at least quarterly with the nominated

NED responsible for sustainability to reflect,

discuss and ensure actions are being taken.

•

Continue to develop NCC Group’s net

zero journey and broader sustainability

strategy with oversight and input from

the Board.

TCFD

NCC Group plc 53

Strategic report

How ERM fits into the Group Committee structure

Internal audit

External and ISO auditors

Board

Audit Committee Cyber Security Committee

Enterprise Risk



Committee

ExCom

The above diagram shows how the Enterprise Risk Management Committee feeds into the Audit and Cyber Security Committees,

which in turn reports to the Board. Actions are also driven back down from the Board as reflected in the above diagram.

TCFD continued

Governance continued

TCFD recommended disclosure Compliance NCC Group disclosure Focus areas for FY24

Governance continued

B. Describe the

management’s role

in assessing and

managing climate-

related risks and

opportunities

Compliant

•

A new role was created in January 2022

to bring sustainability and investor

relations together. The newly appointed

Director of Investor Relations and

Sustainability (formerly Director of



reporting to the Chief Financial Officer,

provides advice and updates to the

Executive Committee on climate-related

issues as and when relevant.

•





meets quarterly addresses climate risk

as part of that process.

•

Continue to mature NCC Group’s net zero

journey, including improvement of

collation of Scope 3 emissions.

•

Review and update the terms of reference

for the Climate Change Working Group in

line with the materiality assessment and

integrate into the existing Board and

executive governance processes.

•

Once all new executive members are

appointed and upon completion of the

sustainability strategy, identify executive

ownership for each element including

climate change and how this is supported

through the Climate Change Working Group.

•

Integrate the output from the double

materiality assessment conducted in FY23

into our newly launched business strategy,

to incorporate key ESG considerations

into decision making where relevant.

Lynn Fordham, the lead Non-Executive Director for Sustainability,

was appointed by the NCC Group Board Chair. In addition to her

position as the Head of the Audit Committee, Lynn’s role is to

oversee the Company’s sustainability strategy, ensure its

integration with the overall business strategy, and provide

regular sustainability updates to the Board.

While there is no specific Board committee for environmental



by the Director of Global Governance addresses these issues.

The ERM meets bi-monthly and is attended by our CEO and CFO.

It discusses, among other risks, sustainability and environmental

challenges, which are then reported to the Board.

From March to May 2023, we conducted our first materiality

assessment considering both inward and outward impacts (see



various stakeholders, including shareholders, colleagues and

clients. The results formed the foundation of our newly launched

sustainability framework, which outlines our priority areas for

the

next one to three years.

As NCC Group’s business strategy evolves, the sustainability

framework will be integrated into our strategic planning.

An engagement programme is being developed to ensure that

our internal stakeholders, including the Board, are informed, and

engaged on not just climate change but all priority sustainability

topics. This programme will feature training sessions, workshops

and continued awareness-building initiatives.

The Board and the Executive Committee are committed to

communicating their dedication to addressing climate change.

This will be demonstrated through our annual Sustainability

Report and reinforced through other appropriate internal and

external communication channels throughout the financial year.

NCC Group plc 54

Strategy

TCFD recommended disclosure Compliance NCC Group disclosure Focus areas for FY24

Strategy

Describe the climate-related

risks and opportunities the

organisation has identified

over the short, medium

and long term

Compliant

•

See tables on page 56 describing risks and

opportunities, which were selected based on

location of our existing business and known

climate change risks affecting the broader

region we operate in.

•

Monitor actions arising from

the risk register.

B. Describe the impact

of climate-related risks

and opportunities in

the organisation’s

business strategy

and financial planning

Partially

compliant

•

An impact in our ability to meet climate-related

disclosures that are required by clients in their

capture of Scope 3 emissions. Each sector we

operate in has its own requirements, because

of legislation and their own commitments. Not

understanding or assessing this could have an

impact on NCC Group’s ability to meet the

requirements in a contract.

•

Climate-related taxes, or fines for non-compliance

could impact the business if we fail to take action.

•

Our ability to raise capital to invest in growth,

may be restricted if we fail to make progress

on climate related action, which forms part of

sustainable lending requirements.

•

As part of the verticalisation element of our

strategy, we are undertaking research to ensure

we meet the broader ESG criteria that applies to

our clients. We are creating a knowledge bank for

sales teams and will conduct regular briefings/

updates through internal channels.

•

Develop a knowledge

management repository that

supports sales/bid teams in

accurately representing how

NCC Group supports clients

in meeting their specific

climate-related disclosures.

•

Working in collaboration with

strategy, marketing and public

affairs, ensure that environment

and broader sustainability

considerations are built into the

understanding of client needs

by sector and by region.

C. Describe the resilience of

the organisation’s strategy,

taking into consideration

different climate-related

scenarios, including a

C or lower scenario

Partially

compliant

•

We have conducted an initial quantitative



C and 4

•

Develop the initial scenario

analysis and integrate, aligned

to NCC Group’s strategy

development, into future financial

and strategic planning activities

as our net zero journey matures.

In our ongoing commitment to the TCFD’s Strategy pillar, we are

not only advancing our approach to managing climate-related risks

but also actively pursuing growth opportunities within the climate

change sphere. We’ve formed strategic partnerships, such as our

collaboration with Planet Mark, to help us lower our carbon footprint

and develop more sustainable business practices. As a proud

member of techUK’s Responsible Business Community, we’re

also exchanging insights and best practices with industry peers

to collectively address climate change.

In early 2023, we appointed our first Director of Strategy, who

will play a crucial role in our internal Climate Change Working

Group. This group is currently tasked with evaluating the

potential impact of climate change on our business operations,

identifying both risks and opportunities. To date, the group has

been focused on improving the collation of climate-related data

to assess our current state and instrumental in helping to

progress our ambitions to set achievable targets for reducing

our carbon emissions over the next five years. New terms of

reference for this working group are to be defined along with

clearly identifying how it is embedded into our existing

governance process from the Board down.

Our focus is not limited to risk mitigation but extends to

exploring opportunities where we can make a positive impact.

This includes improving the energy efficiency of our operations,

collaborating with our landlords and requesting renewable

energy sources, and identifying ways our technology solutions

can contribute to our clients’ sustainability efforts. As we

continue our climate change journey, we are committed to

regularly reporting our progress against these objectives,

showing transparency in our endeavours, and constantly

seeking ways to better our efforts.

Climate-related risks

Our comprehensive risk management framework (summarised

in the Risk Management section of the Annual Report on pages



climate-related risks. We categorise these risks into:

•



policy changes impacting climate-related risks and opportunities as

well as existing forecasting processes considered by management

which are reviewed and evaluated on an annual basis.

•



that may affect climate-related risks and opportunities.

•



of international agreements and commitments, technological

trends and changes to policy or carbon pricing and their

impact on our operations, client services and supply chain.

For instance, short-term risks might include immediate regulatory

changes or extreme weather events, while long-term risks could

be major shifts in our industry driven by the transition to a low carbon

economy. Each identified risk is paired with corresponding mitigation

measures, such as implementing energy-efficient technologies

or diversifying our supply chain, aimed to reduce our vulnerability.

While these risks apply to the Group as a whole, we do recognise

that certain locations face unique challenges. For example, our

operations in coastal areas are more susceptible to rising sea

levels and increased frequency of extreme weather events.

For a more detailed understanding of the climate-related

risks and opportunities we face, please refer to the table

below. It provides a snapshot of the specific challenges we’re

addressing and the strategic responses we have undertaken.

NCC Group plc 55

Strategic report

Climate-related risks continued

Risk Risk impact Short/medium/long term Regions impacted Mitigating activities

Physical risks

Extreme weather

(acute)

Causing business disruption

and loss of service delivery

and therefore revenue

Short to medium term All but particularly

North America







•

Business interruption cover

•

Business Continuity Plans

•

Remote working in place

•

Dutch flood defences in place

Sea level rises

(chronic)

Increased likelihood of

flooding in Delft and

Amsterdam offices causing

increased insurance premiums

Long term 

Amsterdam offices

Transition risks

Increase in taxes

and levies for

greenhouse

gas emissions

Disruption and increased

costs to ensure compliance

with new legislation

Medium term Depends on

local legislation

•

Working with Planet Mark

to calculate our carbon

footprint, ways to reduce

it, and colleague and

Board engagement, and

helping progress our net

zero journey

Move to net zero Increased costs required

to lower emissions

Long term Global

•

Remote delivery of client

services where possible

•

Company car scheme

only for electric and hybrid



•

Annual calculation of



with Scope 3

emissions

collation started

•

Rigorous and transparent

budget setting will

identify increasing costs

associated with carbon

emissions reduction

Margin risk Impact on results due

to extra costs incurred

to lower emissions

Medium term Global

•

Accounting policies

regularly reviewed

•

Rigorous and transparent

budget setting will

identify increasing costs

associated with carbon

emissions reduction

Reputation risk Increased stakeholder

concern and changing

customer behaviours

Medium term Global

•

Ongoing dialogue

with investors

•

Benchmarking and

independent reviews

undertaken through a double

materiality assessment

•

ESG information

publicly available

Supply chain risk Substitution of existing

products and services with

lower emission options

Medium to long term Global

•

Scope 3 questionnaires sent

to supply chain partners

equating to 80% of our spend

•

Business Continuity Plans

•

Reviewing office strategy

TCFD continued

Strategy continued

NCC Group plc 56

Opportunities to further reduce NCC Group’s impact

on the environment:

Resource efficiency: By embracing more efficient modes

of transport, promoting recycling, encouraging hybrid working

models and operating within efficient buildings, we can lessen

our environmental footprint, improve colleague satisfaction and

reduce operational costs. For instance, removing unnecessary

travel not only reduces our carbon emissions but also empowers

colleagues with more control over their work-life balance,

contributing to improved morale and productivity (anticipated



Energy source: Our transition to lower emission energy sources,

underpinned by the introduction of an electric/hybrid car scheme

for all UK colleagues, demonstrates our commitment to sustainable

practices. By giving colleagues access to green car options, we

are mitigating our exposure to future fossil fuel price fluctuations

and regulations. It also addresses our colleagues’ material

concerns, fostering a culture of environmental responsibility and



Market: As industries evolve in response to climate change,

we’re strategically positioned to leverage these transformations.

For example, by partnering with companies transitioning into

alternative energy sources or working on projects involving smart

meters, electric vehicles, IoT technology for waste reduction and

cloud data centres, we anticipate strengthening our market

position and enhancing our reputation as a sustainable and



Resilience: Our sustainable business model increases our resilience

to climate-related risks, demonstrating our commitment to being

a responsible and ethical supply chain partner. This commitment

to sustainability not only aligns us with an increasingly eco-aware

market but also empowers us to lead in the space, fostering

a culture of innovation and responsible business practices (short



Scenario analysis

To understand the risks and opportunities our business faces

considering climate change, we have conducted a

quantitative









of the scenarios selected is provided below.

These scenarios are chosen to reflect the diverse spectrum

of possibilities that could unfold due to different levels of global

effort to curb climate change. In the context of these scenarios,

“transition risks” refer to the challenges associated with the shift

towards a lower carbon economy, while “physical risks” denote

the potential damage caused by climate change itself.

In terms of the risks selected, these were based on physical

locations and the nature of our business in key locations of

North America, the UK, Europe and Asia Pacific. We are in the

process of flowing this into our financial planning and will continue

to do so as we mature our climate action planning and reporting.



rapid shifts in regulatory and market conditions, but the physical

risks would be significantly reduced due to the effective global

action on climate change. Conversely, Scenario 2 predicts lower

transition risks but considerably higher physical risks due to the

lack of substantial progress towards climate goals.

We’ve further broken down these risks by timeline, classifying





offers a comprehensive overview of NCC Group’s potential

exposure to both transition and physical risks under each scenario.

While our current analysis is qualitative, we are working towards

quantifying these risks and opportunities as we progress towards

our net zero targets and improve our data collection across Scope



impact on our Financial Statement disclosures based on our

materiality assessment results see page 47 of the Annual Report

and known near to mid-term regulatory developments. However,

we will continuously monitor both transition and physical risks,

adjusting our mitigation strategy as necessary.

Risk type Risk Risk impact Scenario

Short term



Medium term



Long term



Physical

risk

Rising sea

levels

Risk to NCC Group offices

located in high risk areas, e.g.

Delft, as well as colleague and

customer homes resulting in

business disruption

 Low

Low

High

2 Low High High

Flooding Impact to service quality and

disruption to systems, increased

costs to relocate colleagues

 Low Low Low

2 Low High High

Transition

risk

Increase in taxes

and levies

Disruption and increased

costs to ensure compliance

with new legislation

 Low Medium High

2 Low Low Low

Margin risk Impact on results due to extra

costs incurred to lower emissions

 Low Medium High

2 Low Low Low

Reputation risk Increased stakeholder

concern and changing

customer behaviours

 Low Medium High

2 Low High High

Supply chain risk Substitution of existing

products and services with

lower emission options

 Low Medium High

2 Low Low High

NCC Group plc 57

Strategic report

TCFD continued

Strategy continued

Financial planning

We recognise the significant implications of climate-related risks

and opportunities on our financial planning. We anticipate shifts

in our future business model and strategy in response to evolving

market conditions due to climate change. We foresee potential

changes in customer preferences towards more sustainable

products and services, along with possible disruptions in our

supply chain due to extreme weather events. These factors are

thoroughly considered in our business strategy development.

Our business strategy has been designed to be resilient to future

economic and climate-related scenarios. And by running regular

scenarios we can test that resilience, and ensure it’s considered

in future business strategy development, enabling us to adapt

accordingly, without disrupting or negatively impacting

current operations.

The scenarios are based on industry insights, which were used

in the expert input into our materiality assessment. We will look

to assess the potential financial implications of various climate

scenarios and factor these into our revenue forecasts, expenditure

plans and asset valuations from FY25 onwards. This will include

a detailed analysis of potential climate-related liabilities and their

impact on our financial stability.

Our future aspiration is to incorporate climate considerations

to influence future investment decisions by the Group, always

reducing our carbon footprint, and gradually divesting areas that

carry high climate-related risks. For now though, we are actively

working to improve our operational efficiency and addressing

things we can directly influence to reduce our impact on the

environment and realise cost savings.

In summary, our organisation is committed to integrating

climate considerations into our financial planning process.

We will continue to refine our approach as we gain more

data and insights into the evolving climate scenarios.

Risk management

TCFD recommended disclosure Compliance NCC Group disclosure Focus areas for FY24

Risk management

Describe the organisation’s processes

for identifying and assessing

climate-related risks

Compliant

•

Climate-related risks are managed

through our enterprise risk

management framework.

•

Monitor actions arising

from the risk register.

B. Describe the organisation’s processes

for managing climate-related risks

Compliant

•

Climate-related risks are documented,

mitigating actions are considered, a risk

rating is assigned and associated actions

are documented and followed up.

•

Monitor actions arising

from the risk register.

C. Describe how processes for identifying,

assessing, and managing climate-

related risks are integrated into the

organisation’s overall risk management

Compliant

•

Climate-related risks are managed

through our enterprise risk

management framework.

•

Monitor actions arising

from the risk register.

As part of our robust materiality assessment, we conducted

in-depth, topic-based and industry research to identify our

most material sustainability issues.

Through a detailed materiality matrix, we also identified

opportunities to enhance our sustainability performance by

focusing on reducing GHG emissions, monitoring product design

and lifecycle management, and mitigating biodiversity loss.

Our approach is to address these opportunities through targeted

initiatives in cleantech, increasing sustainability awareness and

capability, and climate adaptation.

Addressing these issues will involve closer collaboration with our

supply chain, particularly our global landlords and our top suppliers.

A key initiative in this regard is our Data Centre Management

Strategy, aimed at reducing our energy consumption. In collaboration

with our web development partner, Nexer, we have successfully

reduced the energy consumption of our websites by 50%, applying

eco-design principles.

Climate-related risks are managed through our NCC Group



which is detailed in the Risk Management section of the Annual

Report on page 70, uses a sophisticated risk model to assess

and score each risk based on likelihood and impact. Risks are

re-evaluated consistently to ensure we’re responsive

to evolving circumstances.

Our risk management approach combines “top-down strategic”

and “bottom-up operational” perspectives, fostering collaboration

and promoting efficient risk identification. With respect to climate-

related risks, we have outlined our strategies and targets for GHG

emissions reduction and biodiversity preservation.

These climate-related risks are integrated into our Principal Risks



plays an active role in the ongoing review of these risks, their

mitigations, controls and associated actions. This Committee

meets on a regular basis and follows a stringent process for

identifying, assessing, responding to and escalating serious

concerns related to these risks.

We firmly believe that this integrated and transparent approach

will ensure effective risk management aligned with the principles

of TCFD, while driving our strategic objectives for sustainability.

NCC Group plc 58

Obtain

assurance

Implement

internal

control

Adapt

ERM

erform

scenario

analysis

Integrate

into

reporting

Use

existing

tools

olicit

investor

feedback

Assess

financial

impacts

Collaborate

across the

business

Secure leadership buy-in

Establish Committee oversight



Metrics and targets

TCFD recommended disclosure Compliance NCC Group disclosure Focus areas for FY24

Metrics and targets

A. Disclose the metrics used by the

organisation to assess climate-

related risks and opportunities

in line with its strategy and risk

management process

Compliant

•

Reporting of greenhouse gas emissions

for FY23 compared to prior years.

•

Commitment to net zero before 2050

in line with the Paris Agreement with

regular reviews to improve as and when

broader Scope 3 data is available.

•

Climate-related performance metrics

incorporated into Remuneration



in line with our Planet Mark certification

commitment to reduce greenhouse gas

emissions year on year. In our first two

years, we are aiming to reduce our total

greenhouse gas

emissions

by 5%

recognising that as our data collection

matures and improves, we may need to



reduction in colleague intensity, but an



return to travel and office use following

the pandemic.

•

Improve Scope 3

data collection and

management to

accelerate NCC Group’s

net zero journey.

B. Disclose Scope 1, Scope 2, and,

if appropriate, Scope 3 greenhouse

gas emissions and the related risks

Partially

compliant



emissions

still in their

infancy

•



emissions for FY23 vs FY22.

•

Scope 3 emissions limited to business

travel, electricity transmission and

distribution losses, heat and steam

transmission and distribution losses.

•

Supplier engagement to provide data

was limited in response.

•

Colleague commuting data collated

as part of the materiality assessment but

not enough responses to

enable calculation.

•

Improve supplier and

colleague engagement

to gather required Scope

3 data from supply chain

activities and colleagues

in relation to commuting

and working from

home impact.

C. Describe the targets used

by the organisation to manage

climate-related risks and

opportunities and performance

against targets

Compliant

•

Set year two reduction in line with

Planet Mark recommendations of 5%. This

includes reducing colleague intensity by



intensity by 2.5%. We will also continue to

seek location intensity through better

understanding of our data and the steps

we can take to reduce our impact.

•

Seek opportunities,

as NCC Group’s

management of climate

change matures, to

accelerate achieving

net zero before 2050.



NCC Group plc 59

Strategic report

Meet the CFO

Q&A with Guy Ellis











Director after senior commercial







on all things finance. Prior to



Guy spent time as Interim







Director of the UK and APAC

Cyber Security business.

Q. What do you think the role of a finance department

should be?

The most effective finance functions act as a strategic force















Q. What are you going to bring to the role?

I’m experienced in driving through transformational change.





In the short term I’m focused on standardisation and simplification



scale at pace globally.



to both the executive team and the Board. I see that as a critical

element of my role.

Q. 



risk increases in tandem – so overall I have a positive outlook.









into the future.

Q. Where do you think the opportunities lie?





Security industry. We are building out our capabilities to offer





company to a fully global business.

The opportunities are significant. This is the right strategy.







60 NCC Group plc — 

2022/23 key activities

•

Finalised the full operational review of the Software

Resilience business to create additional

Group contribution

•

Completed a scheduled refinance process with

enhanced banking facilities

•

Continued to demonstrate effective cash management

with strong cash conversion

2023/24 priorities

•

Identify cost efficiencies across Cyber Security and

corporate functions, achieving in-year savings and full

annualised contribution from FY25 onwards

•

Drive transformational change in processes and insights

to support the business as we embed our strategy

•

Maintain strong cash conversion

Financial review











Guy Ellis

Chief Financial Officer

Overview of financial performance

2023 2022

Cyber

Security

£m

Software

Resilience

£m

Central

and

head office

£m

Group

£m

Cyber

Security

£m

Software

Resilience

£m

Central

and

head office

£m

Group

£m

Revenue 270.8 64.3 – 335.1 258.5 56.3 – 

Cost of sales   –    – 

Gross profit 86.1 45.9 – 132.0 92.3 40.3 – 

Gross margin % 31.8% 71.4% – 39.4% 35.7%  – 



       

Adjusted EBITDA

15.4 31.2  41.4  22.8  59.2

Depreciation and amortisation



       

Adjusted operating profit

6.9 30.6  28.8  22.0  

Amortisation of acquired

intangibles        

Share-based payments        

Individually Significant Items   –  –  – 

Operating (loss)/profit  22.3  1.9 28.9   34.7

Operating margin %  34.7% n/a 0.6%  28.5% n/a 

Finance costs  

  

Taxation  

  23.0

EPS

Basic EPS  7.4p

Adjusted basic EPS



6.1p 

 

an explanation of APMs and adjusting items.

2 Administrative expenses excludes depreciation and amortisation, amortisation of acquired intangibles, Share-based payments and individual significant items.

3 Depreciation and amortisation excludes amortisation of acquired intangibles.

2023 has been a challenging year for the Group, as our expected Revenue performance and consequently our gross profit and overall



experienced buying decision delays and cancellations in the North American tech sector and to lesser extent our UK market for Global

Professional Services.

NCC Group plc 61

Strategic report

Overview of financial performance continued

Encouragingly, no material clients have been lost, however this

sharp market correction had a direct impact on our revenue,

direct utilisation, gross profit and ultimately our profitability due

to the level of employee costs in the business and recognition of

Individually Significant items that mainly relate to the impairment

of North American Assurance Goodwill. These headwinds have

further reinforced the need to implement the next chapter of our

Group strategy and identify cost efficiencies across Cyber

Security and corporate functions, achieving FY24 savings and

full annualised contribution from FY25 onwards.

Turning back in detail to our FY23 performance, Group revenues







the prior year Software Resilience fair value revenue adjustment









In our Cyber Security business, the Europe, and UK and APAC

Cyber Security businesses grew on a constant currency basis







a constant currency basis





decline in tech sector spend.



constant currency basis





























In our Software Resilience division, following the completion of



year of IPM contract renewals, which contributed to overall









to these potential contract renewals, total Software Resilience









generated sale orders of £4.7m, an increase of 38% compared to









performance of the Cyber Security business and lower direct









and training costs arising from inflationary pressures and further



c.£6.5m. Other higher costs include an increase in non-client

travel and office costs (including the impact of our NCC













performance also incurred the indirect trading cost hosting our

in person global NCC Conferences in June 2022 for the first time



impact of c.£5m year-on-year, of which c.£2.3m related directly



Individually Significant Items incurred during the year amounted



in Goodwill of £9.8m for the North American Assurance business

following the recent reduction in spend by North American

technology clients and £4.2m in relation to fundamental

reorganisation costs as we reshape the Group to implement the

next chapter of the Group’s strategy. The impairment of North

American Assurance Goodwill has been recognised based on the



include costs associated with the strategic review of our





reorganisation. These were partially offset by a profit on disposal







profit performance, recognition of ISIs and after an increase in



The variable rate of interest cost increased due to the macro-

economic environment and the write off of existing arrangement













amounted to









Net debt excluding lease liabilities









Our Balance Sheet and facility headroom remains strong, during





multi-currency revolving credit facility and the remaining $46.7m

of the original $70m term loan that was maturing in June 2024.

The new facility now matures in December 2026 and includes a

£75m uncommitted accordion option. In addition, we also

secured an increase to our leverage covenant from 2.5x to 3.0x

with an additional acquisition spike to 3.5x for the first twelve

months of any acquisition. The weighted average margin of the

facility also decreased and is payable on a ratchet mechanism



on the level of the Group’s leverage. The average interest rate for

the year was 4.54% and is currently 6.27% following recent

changes to base interest rates.





that paid in the prior year as the Board is conscious of the need

to invest in new strategy and manage its net debt accordingly

following the challenging year.



Throughout this Financial Review, certain APMs are presented.

These APMs used by the Group are not defined terms under IFRS

and may therefore not be comparable with similarly titled

measures reported by other companies. They are not intended to

be a substitute for, or superior to, Generally Accepted



current year results and comparative periods where provided.

Financial review continued

NCC Group plc 62

This presentation is also consistent with the way that financial

performance is measured by management and reported to the

Board, and the basis of financial measures for senior

management’s compensation schemes and provides

supplementary information that assists the user in understanding

the financial performance, position and trends of the Group. At

all times, the Group aims to ensure that the Annual Report and

Accounts give a fair, balanced and understandable view of the



‘Presentation of Financial Statements’ requires the separate

presentation of items that are material in nature or scale in order

to allow the user of the accounts to understand underlying

business performance.

We believe these APMs provide readers with important

additional information on our business and this information is

relevant for use by investors, securities analysts and other

interested parties as supplemental measures of future potential

performance. However, since statutory measures can differ

significantly from the APMs and may be assessed differently by

the reader we encourage you to consider these figures together

with statutory reporting measures noted. Specifically, we would

note that APMs may not be comparable across different

companies and that certain profit related APMs may exclude

recurring business transactions (e.g. acquisition related costs



performance and cash flows.

As the Group manages internally its performance at an Adjusted

operating profit level (before Individually Significant Items,

amortisation of acquired intangibles and share-based



underlying trading of the business; this information is still

disclosed as an APM within this Annual Report. This APM is

reconciled to statutory operating profit, together with the

consequently Adjusted basic EPS (before amortisation of

acquisition intangibles, share-based payments and Individually



The Group has the following APMs/non-statutory measures:

•



•



•



•



•



•

Cash conversion which includes Adjusted EBITDA (reconciled



•



The above APMs are consistent with those reported for the year



and Software Resilience revenue excluding IPM acquisition

which have been removed now that the Group has comparable



The Group also reports certain geographic regions on a constant

currency basis to reflect the underlying performance considering

constant foreign exchange rates period on period. This involves

translating comparative numbers to current period rates for

comparability to enable a growth factor to be calculated. As

these measures are not statutory revenue numbers, management

considers these to be APMs.

Further detail is included within the Glossary of terms to

the Financial Statements that provides supplementary

information that assists the user in understanding these

APMs/non-statutory measures.

Financial summary

Summary Income Statement

2023

£m

2022

£m % change

Revenue 335.1  6.4%

Cost of sales   

Gross profit 132.0  

Depreciation and amortisation

  

Administrative expenses

  23.4%

Adjusted operating profit

28.8  

Individually Significant Items   

Acquired intangible amortisation   

Share-based payments   

Operating profit 1.9 34.7 

Finance costs   67.6%

   

Taxation   

  23.0 

EPS

Basic EPS  7.4p 

Adjusted Basic EPS



6.1p  

 

explanation of APMs and adjusting items.

2 Depreciation and amortisation excludes acquired intangible amortisation.

3 Administrative expenses excludes depreciation and amortisation, amortisation of acquired intangibles, share-based payments and Individually Significant Items.

NCC Group plc 63

Strategic report

Financial summary continued

Revenue summary

2023

£m

2022

£m

change at

actual rates

2023

£m

Constant

currency



2022

£m

% change at

constant





Cyber Security 270.8 258.5 4.8% 270.8 270.5 

Software Resilience 64.3 56.3  64.3 59.8 7.5%

Total revenue 335.1  6.4% 335.1 330.3 



at constant currency





Divisional performance

Cyber Security



Cyber Security revenue analysis – by originating country:

2023

£m

2022

£m

% change at

actual rates

2023

£m

Constant

currency



2022

£m

% change at

constant

currency



UK and APAC 118.4  3.3% 118.4  3.0%

North America 99.3  5.5% 99.3  

Europe 53.1 49.8 6.6% 53.1  3.9%

Total Cyber Security revenue 270.8 258.5 4.8% 270.8 270.5 







on a constancy currency basis







(increased









Turning to the performance between each half of the financial year, the following revenue analysis by originating country demonstrates



tech sector and the UK Market within Global Professional Services.

H1 2023

£m



£m

% change at

actual rates

H1 2023

£m

Constant

currency





£m

% change at

constant

currency



UK and APAC 61.6 54.6  61.6 55.0 

North America 59.2 44.0 34.5% 59.2  

Europe 24.2 24.6  24.2 24.9 

Total Cyber Security revenue 145.0   145.0  

H2 2023

£m

H2 2022

£m

% change at

actual rates

H2 2023

£m

Constant

currency



H2 2022

£m

% change at

constant

currency



UK and APAC 56.8 60.0  56.8 60.0 

North America 40.1   40.1 53.4 

Europe 28.9 25.2  28.9 26.2 

Total Cyber Security revenue 125.8   125.8  

Financial review continued

NCC Group plc 64

Divisional performance continued

Cyber Security revenue analysed by type of service/product line:

2023

£m

2022



£m

% change

at actual

rates

2023

£m

Constant

currency



2022







£m

% change at

constant

currency



 199.3  2.0% 199.3 205.6 

 67.8 58.6  67.8 60.3 

 3.7 4.5  3.7 4.6 

Total Cyber Security revenue 270.8 258.5 4.8% 270.8 270.5 

 

than product sales.









cancellations in the North American tech sector and our UK market.







service global sales orders for the forthcoming years increasing 72.5% YoY.

Turning to the performance between each half of the financial year, the following revenue analysis by type of service/product line



North American tech sector and the UK Market with Global Professional Services.

H1 2023

£m



£m

% change

at actual

rates

H1 2023

£m

Constant

currency





£m

% change at

constant

currency



 111.1 93.6  111.1  

 32.2 28.4  32.2  

 1.7   1.7  

Total Cyber Security revenue 145.0   145.0  

H2 2023

£m

H2 2022

£m

% change

at actual

rates

H2 2023

£m

Constant

currency



H2 2022

£m

% change at

constant

currency



 88.2   88.2  

 35.6 30.2  35.6  

 2.0 3.3  2.0 3.4 

Total Cyber Security revenue 125.8   125.8  

Cyber Security gross profit is analysed as follows:

2023

£m

2023

% margin

2022

£m

2022

% margin

% pts

change

UK and APAC 40.3 34.0% 46.4 40.5% 

North America 26.1 26.3% 29.8  

Europe 19.7 37.1%  32.3% 4.8% pts

Cyber Security gross profit and % margin 86.1 31.8% 92.3 35.7% 



lower technical attrition.

Turning to the performance between each half of the financial year, the following gross profit analysis by originating country further



H1 2023

£m

H1 2023

% margin



£m



% margin

% pts

change

UK and APAC 22.9 37.2% 22.4  

North America 16.6 28.0%  32.0% 

Europe 9.7 40.1% 7.9  8.0% pts

Cyber Security gross profit and % margin 49.2 33.9% 44.4 36.0% 

NCC Group plc 65

Strategic report

Divisional performance continued

Cyber Security continued



one-off item, the margin would have increased 3.8%.

H2 2023

£m

H2 2023

% margin

H2 2022

£m

H2 2022

% margin

% pts

change

UK and APAC 17.4 30.6% 24.0 40.0% 

North America 9.5 23.7%   

Europe 10.0 34.6% 8.2 32.5% 

Cyber Security gross profit and % margin 36.9 29.3% 47.9 35.4% 

Software Resilience



Software Resilience revenue analysis – by originating country:

2023

£m

2022

£m

% change

at actual

rates

2023

£m

Constant

currency



2022

£m

% change

at constant

currency



UK 25.8 25.4  25.8 25.4 

North America 34.5 26.8 28.7% 34.5 30.2 

Europe 4.0   4.0 4.2 

Total Software Resilience revenue 64.3 56.3  64.3 59.8 7.5%



, Software Resilience revenue decreased







Turning again to the performance between each half of the financial year, the following revenue analysis by originating country further



H1 2023

£m



£m

% change

at actual

rates

H1 2023

£m

Constant

currency





£m

% change

at constant

currency



UK 12.3   12.3  

North America 17.3  40.7% 17.3  

Europe 2.0 2.0 — 2.0 2.0 —

Total Software Resilience revenue 31.6 26.9  31.6 29.4 7.5%

H2 2023

£m

H2 2022

£m

% change

at actual

rates

H2 2023

£m

Constant

currency



H2 2022

£m

% change

at constant

currency



UK 13.5  5.5% 13.5  6.3%

North America 17.2   17.2  

Europe 2.0   2.0 2.2 

Total Software Resilience revenue 32.7 29.4  32.7 30.4 7.5%

Software Resilience revenues analysed by service line:

On a statutory basis

2023

£m

2022

£m

% change

at actual

rates

2023

£m

Constant

currency



2022

£m

% change

at constant

currency



Software Resilience contracts 42.8   42.8 40.4 5.9%

Verification services 21.5   21.5  

Total Software Resilience revenue 64.3 56.3  64.3 59.8 7.5%

Financial review continued

NCC Group plc 66

Divisional performance continued

Software Resilience continued

After considering the prior year Software Resilience fair value revenue adjustment









currency





FY23 statutory results, as the adjustment has unwound following the renewal of IPM contracts or completion of verification services.

Gross margin is analysed as follows:

2023

£m

2023

% margin

2022

£m

2022

% margin

% pts

change

UK 18.2 70.0%  69.3% 

North America 25.0 72.9%  74.3% 

Europe 2.7 67.5% 2.8 68.3% 

Software Resilience gross profit and % margin 45.9 71.4% 40.3  

, Software Resilience gross profit decreased



Turning again to the performance between each half of the financial year, the following gross profit analysis by originating country



H1 2023

£m

H1 2023

% margin



£m



% margin

% pts

change

UK 8.4 68.3% 9.0  

North America 12.6 72.8% 8.9 72.4% 0.4% pts

Europe 1.3 65.0%  70.0% 

Software Resilience gross profit and % margin 22.3 70.6%   

H2 2023

£m

H2 2023

% margin

H2 2022

£m

H2 2022

% margin

% pts

change

UK 9.8 72.6% 8.6 67.2% 5.4% pts

North America 12.4 72.1%  75.9% 

Europe 1.4 70.0%  66.7% 3.3% pts

Software Resilience gross profit and % margin 23.6 72.2%   0.8% pts

Individually Significant Items



2023

£m

2022

£m

North America Cyber Security goodwill impairment 9.8 —

Fundamental re-organisation costs 4.2 —

Costs associated with strategic review of Software Resilience business 3.0 —

NCC Group A/S goodwill impairment 3.0 —

IPM Software Resilience bushiness deferred income adjustment  —

Profit on disposal of DDI business  —

Costs directly attributable to the acquisition of IPM — 0.9

Total ISIs 14.7 0.9



for the NA Assurance business following the recent reduction in spend by North American technology clients and £4.2m in relation to

fundamental reorganisation costs as we reshaped the Group to implement the next chapter of the Group’s strategy. Costs associated





Finance costs

Finance costs for the period were £6.2m compared to £3.7m in 2022 due to an increase in borrowing following the IPM acquisition







December 2026. The average interest rate for the year was 4.54% and is currently 6.27% following recent changes to base interest



NCC Group plc 67

Strategic report

Taxation



factors including the non-deductibility impact of goodwill impairment. See note 6 for further details. The Group’s adjusted tax rate is



against the benefit of US R&D tax claims and a prior year credit in relation to the tax treatment of the IPM acquisition.



2023 2022

Statutory

Basic EPS  7.4p

Diluted EPS  7.4p

Adjusted

Basic EPS 6.1p 

Weighted average number of shares (million)

Basic 310.4 309.5

Diluted 311.2 

Cash flow and net debt

The table below summarises the Group’s cash flow and net debt



2023

£m

2022

£m

Operating cash inflow before movements in working capital 37.9 49.3

 19.7 

Decrease in inventories 0.1 0.2

  

Cash generated from operating activities before interest and taxation 42.6 60.3

Interest element of lease payments  

Finance interest paid  

Taxation paid  

Net cash generated from operating activities 32.1 54.8

Purchase of property, plant and equipment  

Software and development expenditure  

 2.0 —

Acquisition of trade and assets as part of a business combination  

Equity dividends paid  

  

Purchase of own shares  —

Proceeds from the issue of ordinary share capital 0.1 0.8

Net movement 4.8 





 83.3

  

Foreign exchange movement  

Closing net debt excluding lease liabilities

 

Lease liabilities  

Closing net debt

 

Financial review continued

NCC Group plc 68

Cash flow and net debt

continued

Net debt



can be reconciled as follows:

2023

£m

2022

£m

Cash and cash equivalents 34.1 73.2

Bank overdraft  —

  

Net debt excluding lease liabilities

 

Lease liabilities  

Net debt

 

The calculation of the cash conversion ratio



is set out below:

2023

£m

2022

£m

% change/

% pts

 42.6 60.3 

Adjusted EBITDA



 41.4 59.2 

Cash conversion ratio

 102.9%  

 

measures. See Note 3 for an explanation of APMs and adjusting items.













the remaining £3.8m is contingent on novation of certain customer contracts. £2m has been received post year end and it is expected

that the remaining proceeds will be received in FY24.

Borrowings



multi-currency revolving credit facility and the remaining $46.7m of the original $70m term loan that was maturing in June 2024. The

new facility now matures in December 2026 and includes an £75m uncommitted accordion option. In addition, we also secured an

increase to our leverage covenant from 2.5x to 3.0x with an additional acquisition spike to 3.5x for the first twelve months of any

acquisition. The weighted average margin of the facility also decreased and is payable on a ratchet mechanism above SONIA & SOFR



was 4.54% and is currently 6.27% following recent changes to base interest rates.

Dividends







This represents a dividend equal to that paid in the prior year as the Board is conscious of the need to invest in new strategy and

manage its net debt accordingly following the challenging year.





Guy Ellis



28 September 2023

NCC Group plc 69

Strategic report

Principal risks and uncertainties

Risk management

Risk is an inherent part of doing business and risk management

is a fundamental part of good corporate governance. A successful

risk management process balances risk and reward and is

underpinned by sound judgement of their impact and likelihood.

The Board has overall responsibility for ensuring that NCC Group

has an effective risk management framework, which is aligned

to our business objectives.

The Board has established a Risk Management Policy, which

has established protocols, including:

•

Roles and responsibilities for the risk management framework

•

Risk scoring framework

•

A definition of risk appetite



summarises the Group’s overall approach to risk management,

which is supported by a web-based tool – the Integrated Risk



management model described in the next section and records

both strategic and operational risk registers and tracks risk

mitigation action plans, helping embed ownership of risks and

treatment actions while also providing access to live management

information, which is used at both a Board and operational

management level.

NCC Group’s approach to risk management

NCC Group adopts both a “top-down” and “bottom-up” approach

to risk, to manage risk exposure across the Group to enable the

effective pursuit of strategic objectives. The approach is



The approach is one of collaboration, which supports our

comprehensive approach to risk identification, from the “top

down” and “bottom up”. The Group believes that this is the most

efficient and effective way to identify its business risks.

Top down

The Board, Audit Committee and Cyber Security Committee

review risks on an ongoing basis and are supported by the Executive

Committee and subject matter specialists (including Software

Resilience, Assurance, information security, data protection and



strategic objectives and any barriers to their achievement.

Bottom up

The Board and senior leadership team engage with colleagues

at every level of the Group in recognition of the importance of

their expertise, contribution and views. In relation to matters

of wrongdoing, or risks not being recognised and adequately

managed, the Group has a robust and effective whistleblowing

procedure, which is supported by the Safecall reporting line.

Embedded risk



NCC Group plc 70 NCC Group plc 70

Managing risk from the top down

Managing risk from the bottom up

Top down

Strategic risk management

Bottom up

Operational risk management

•

Establishing guidance on the Group’s

approach to risk management and

establishing the parameters for risk

appetite and associated decision making

•

Identification, review and management

of identified Group strategic risks and

associated actions

•

Ongoing consideration of:





Board

Audit Committee

Cyber Security

Committee

•

Periodically assessing the effectiveness

of the embedded Group risk

management process

•

Challenging the content of the strategic

risk register to support a comprehensive

and balanced assessment of risk

•

Reporting on the principal risks and

uncertainties of the Group

•

Implementing and embedding the Group’s

Risk Management Policy and approach

•

Directing the delivery of the Group’s

identified actions associated with

managing/mitigating risk

•

Identification of key risk indicators,

monitoring and taking timely action

where appropriate

Executive Board

and

leadership team

•

Responsible for reviewing the operational

risks across the business units and Group

•

Challenging the appropriateness and

adequacy of proposed action plans

to mitigate risk

•

Giving due consideration to the

aggregation of risk across the Group

•

Provisioning suitable cross-functional/

business unit resource to effectively

manage risk where appropriate

•

Instrumental in developing the risk

management framework adopted by

the Board

•

Providing governance and control over

the IRMS

•

Conduit between the Board and the

business units – providing training

and support where appropriate

•

Developing and executing a risk-based

internal audit plan to assess the

management of risks

Global governance

function, incl.

dedicated CISO

•

Ongoing monitoring and reporting to

the Board in relation to the progress being

made by the business units in implementing

agreed action plans to mitigate strategic risk

•

CISO dedicated to the identification,

management, monitoring and reporting of

data security risks

•

Execution of the delivery of the Group’s

identified actions associated with

managing risk

•

Timely reporting on the implementation

and progress of agreed action plans

•

Provision of key risk indicator updates

Business units

•

Identification and reporting of strategic risk

to the Board

•

Provision of reports and data relating

to significant emerging risks to the Group



•

Implementation of risk management

approach which promotes the ongoing

identification, evaluation, prioritisation,

mitigation and monitoring of

operational risk

Effective pursuit of strategic objectives

NCC Group plc 71

Strategic report

Risk management model

The Board has overall responsibility for ensuring that NCC Group

adopts an effective risk management model, which is aligned to

our objectives and promotes good risk management practice.

We have therefore adopted the model described in this section

and summarised in the diagram above.

The Board, Audit Committee, Cyber Security Committee and

executive management team review risks on an ongoing basis

throughout the year. The appropriateness and relevance of the



global governance team to ensure that it continues to be updated,

meets the needs of the Group and remains in line with good risk

management practice. In addition, there is a robust process in place

for monitoring and reporting the implementation of agreed actions.

We are satisfied that the Risk Management Policy, framework

and model currently in place are sufficient to manage risk across

the Group.

The key areas of identifying, assessing, addressing and

monitoring risks are explained in more detail below:

Identify

Risks exist within all areas of our business and it is important for

us to identify and understand the degree to which their impact and

likelihood of occurrence will affect the delivery of our key objectives.

This is achieved through day-to-day working practices and

incorporates risks in both the internal and external environment.

Examples of identification include horizon scanning for emerging

risks such as increasing energy costs, takeover risks, legislative

and market changes and geopolitical risks.

All identified risks are initially assessed for their “inherent” risk



accounts for the likelihood of an event occurring and the impact

that it may have on the Group. The scoring mechanism adopted

takes account of high impact, low likelihood events and these

risks are managed in a timely manner.

In addition to ongoing risk identification, an annual exercise is

undertaken to review the Group’s strategic risk universe by the

Board. This exercise is reliant on the “top-down”, “bottom-up”

approach discussed earlier.

Assess

Post-identification of the Group’s inherent risk exposure,

a comprehensive assessment of the effectiveness of current

mitigating controls is undertaken. This exercise takes account

of the design of the current control environment and the

application of these controls prior to assessing the Group’s

current exposure to risk – mitigated risk score. The Board uses

a number of sources of information to support the scoring

of risk and these include, but are not limited to:

•

Management updates

•

Action tracking and reporting

•

Control environment policies and procedures

•

Independent audit activity

•

Project monitoring reports

Address

Having identified and assessed the risks faced by the Group, the

risks are scored according to likelihood of occurring and impact

to the business should they occur. The risks are then mapped

according to their rating onto a risk heat map, which reflects the

Group’s overall risk appetite set by the Board. The Group’s Risk

Management Policy then provides guidance on the expected

level of response to those risks, depending on where they sit on

the risk heat map. The heat map shows the four bandings in the

different shades of risks as set out below as well as expected

actions and responses to risks in these areas:

•

Green – within appetite. Ongoing monitoring in place.

•

Amber – out of appetite. Some actions are required to treat

the risk to bring this within acceptable levels.

•

Purple – significantly out of appetite. High combination of

residual probability and impact. Management actions are

required, with some urgency, to treat the risk, reducing this

to acceptable levels.

•

Grey/black – risks that are deemed to have such an impact

that they could theoretically impact the ability of the business

to continue in existence. If any, they would need consideration

in assessing in the Directors’ Viability Statement.

The below heat map shows the residual risk after mitigation.





An assessment of whether additional actions are required to

reduce our risk exposure is undertaken, with actions falling

into the one of four categories:

•

Treat – develop an action plan (applying responsibility,



implementation of additional controls, or increase the

requirement for additional assurance over the adequacy

and effectiveness of the existing controls.

•

Transfer – use a third party specialist to undertake the activity,

thus mitigating the risk.

•

Tolerate – determine the risk is within appetite.

•

Terminate – exit the activity.

Output from the evaluation of strategic risks has resulted in

milestone plans owned by senior business leaders, or has been

used in the development of the Group’s transformation programme.

Risk

management

model

Assess

adequacy and

effectiveness

of existing

controls

Identify

risks

Identify

inherent risks

and likelihood

of impact

Monitor

delivery of

action plans/

risk universe

Assign

Director-

level

sponsorship

Evaluate

mitigated risks

and likelihood

of impact

Develop

action plans

(

treat, transfer,

tolerate,



Principal risks and uncertainties continued

NCC Group plc 72

Monitor

Ongoing monitoring of risks and related actions is key to the

implementation of our risk management model and, therefore,

NCC Group is committed to making enterprise-wide risk

management part of business as usual. Examples of ongoing

monitoring of business risks include, but are not limited to:

•

Annual review of the external audit strategy and plan by the

Audit Committee and Chief Financial Officer to ensure inclusion

of key financial risks

•

Annual review of the annual internal audit plan to validate

that it incorporates key areas of business risk

•

A review of internal audit reports issued during the period,

including a summary of progress against previously raised

management actions at each Audit Committee meeting

•

Annual review of the strategic risk register by the Enterprise

Risk Management Steering Group and Board to ensure that

it includes risks arising in year

Internal control

While risk management identifies threats to the Group achieving

its strategic objectives, internal controls are designed to provide

assurance that these objectives are being achieved, such as the

effectiveness and efficiency of operations and delivery, accurate

and reliable financial reporting, and compliance with applicable

laws and regulation.

NCC Group has established a robust internal control framework,

which is made up of a number of components:

Control environment

The control environment has primarily been established taking

account of the Group’s values (working together; being brilliantly



Code of Ethics, which sets the foundations for the expected

behaviours, values and competencies for all colleagues across the

Group. The Board, Executive Committee and extended leadership

team lead by example and strive to maintain effective control

environments, while also maintaining integrity and transparency.

Risk assessments

Risk assessments are conducted at both a strategic and operational

level of the Group and support the Group in understanding the

risks that it faces and the controls in place to mitigate them.

Importantly, they provide a mechanism to identify operational

improvements and are vital in our transformational programmes.

Low

0 



2 3 4 5

High

Impact

Likelihood

Low High



number



number Risk

1 1

Ineffective execution of the Group’s strategy



2 2

Poor and/or ineffective change management

mechanisms (previously management of



n/a

Over-reliance on market sector, region, products/



4 6

Cyber attack (previously information security risk



5 4

Significant business systems failure (previously



n/a



7 7

Insufficient quality, integrity and availability

of management information (previously quality

of management information systems and internal



n/a



n/a



n/a



n/a



12 5

Inability to retain/recruit colleagues to meet

the resource needs of the business (previously

attracting and retaining appropriate colleague



13 3

Poor colleague health and wellbeing, including



n/a

Economic changes/volatility impact on revenue



n/a

Unable to meet the service and resource needs



n/a 

n/a 

18 9

International trade (previously international trade



n/a



n/a Undertaking work with disreputable clients or



n/a Service delivery does not achieve established



Loss of internationally recognised quality

and security standards (previously quality



n/a Criminal and civil legal action resulting in fines



Inability to identify and adopt emerging

regulations in a timely manner (previously



Policies and procedures

Established policies communicate expected behaviours and

these are supported through procedures and guidelines defining

required processes and controls. This in turn supports the

business to adopt efficient and effective control environments.

Information and communication

Access to accurate and timely data is key in supporting our

colleagues to make decisions and to be well informed in order

to conduct, manage and control their areas of responsibility.

NCC Group plc 73

Strategic report

Principal risks and uncertainties continued

A. Strategy

1. Ineffective execution of the Group’s strategy

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

Business strategy

Risk owner

Mike Maddison,

CEO

isk impact

A poor strategy or ineffective execution of a

strategy could have a material negative impact

on the Group’s financial performance and value.

It would potentially weaken the Group

compared to its competitors and risk the

Group’s established position in the marketplace.

Risk movement

Key controls and mitigating factors

New strategy launched in February 2023 and in

process of being implemented with full Board

support.

New leadership team in place, including new Head

of Strategy.

Strategy accelerated (delivery centre in Manila due



being made.

2. Poor and/or ineffective change management mechanisms

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

Management of

strategic change

Risk owner

Mike Maddison,

CEO

isk impact

Implementation of projects that then cost more

to deliver, take longer to deliver and result in



Poor delivery of change could ultimately impair

business performance.

As the Group adapts and executes its strategy,

there are a number of complex projects and

initiatives that not only need to be delivered

but also require understanding and support

from all colleagues.

Risk movement

Key controls and mitigating factors

The Group has recently recruited a new Head

of Strategy who will manage the implementation

alongside key stakeholders.

New leadership team in place to drive the new

strategy.

Development of business cases which clearly

articulate project objectives including delivery

metrics which are monitored.

Internal control continued

Activity monitoring

The minimum financial controls framework was established in

FY20. Further enhancement of the framework is being designed

and implemented to align with the Corporate Reform and

upcoming Directors’ attestation of internal controls.

Financial accounting and reporting follow generally accepted

accounting practices.

Group review and approval procedures exist in relation to major

areas of risk and require Executive Committee/Board approval,

including mergers and acquisitions, major contracts, capital

expenditure, litigation, treasury management and taxation policies.

Compliance with all legislation, current and new, is closely monitored.

Risk and control reporting structure

During the current financial year, NCC Group has continued

to focus on embedding the “three lines of defence” to provide

a robust internal controls structure that will support the Board,

Audit Committee, Cyber Committee, Executive Committee and

extended leadership team with accurate and reliable information

in relation to the systems of internal control.

Three lines of defence:

•

First line

•

Second line – information security, data protection, health

and safety, and legal

•

Third line – risk and assurance, incorporating internal audit,

standards and support, assessing compliance with standards

and external audit, both financial and operational, providing

independent challenge and assessment

Principal risks and uncertainties

The introduction of the new strategy in February 2023, and

introduction of new Executive Committee members, has resulted

in a revisit and relaunch of the Company’s risk management

framework giving rise to a robust assessment of principal risks and

thus resulting in changes to the identified risks and uncertainties.

The Group continues to operate in a particularly dynamic

and evolving marketplace. The current risk register has been

developed to reflect those factors and includes those risks that

would threaten its business model, future performance, solvency

or liquidity. Detailed descriptions of the current principal risks

and uncertainties faced by the Group, their potential impact

and mitigating processes and controls are set out below.

The heat map on page 73 provides a pictorial representation

of the Group’s net risks and their direction of travel.

The strategic risks are based on the four pillars: our clients,

our capabilities, global delivery and differentiated brands.

We have identified eight risk themes:

A. Strategy – this is the overarching strategic risk

yber and information security

C. Innovation and product development

eople and partners

E. Market and competition

rand and reputation

G. Quality and delivery

egal, regulatory compliance and governance

Extraordinary risk during the year

Customer concentration risk materialised and due to some large US-based tech customers not renewing their contracts, this had

an adverse effect on revenue resulting in the profit warning. We did recognise this as a risk in FY22 as part of business strategy

and viability risk, but the new strategy looks to diversify our client base to ensure this does not occur again.

NCC Group plc 74

Risk movement: Increased Decreased Unchanged

Viability risk:

w risk:

Risk impact: High    

A. Strategy continued

3. Over-reliance on market sector, product/service or client

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

N/A

Risk owner

Mike Maddison,

CEO

Risk impact

A loss of key customers or over-reliance

on market sector can result in a reduction

in revenue and consequential impact on

profitability and cash generation.

Risk movement

Key controls and mitigating factors

The new strategy looks to help mitigate this risk

and ensure we don’t have any future overexposure

to a market sector or client.

Viability risk considers this as part of the

scenarios modelled.

B. Cyber and information security

4. Cyber attack

Link to strategy: Our capabilities Global delivery Differentiated brands

Previous risk name

Information security risk



Risk owner

Rebecca Fox,

CIO

Risk impact

Data breach leading to fines from regulators

and reputational damage.

Lack of availability in systems.

Inability to operate services resulting in loss

of customer trust, resulting in loss of revenue

and negative impact on share price.

Impact on national security due to our work

with government clients.

Risk movement

Key controls and mitigating factors

The Board operates a Cyber Security Committee

chaired by a NED.

All colleagues globally are required to undertake annual

and ongoing security training and updates to alert

them to potential methods of security breach and to

their responsibilities in safeguarding information and

reporting potential issues.

Security testing is regularly carried out on the

Group’s infrastructure and there are extensive

response plans, which are tested.

Comprehensive plans are in place and being

delivered associated with discharging our data

protection obligations.

Deployed an Information Security Management



5. Significant business systems failure

Link to strategy: Our capabilities Global delivery Differentiated brands

Previous risk name

Availability of critical

information systems

Risk owner

Rebecca Fox,

CIO

Risk impact

Inability to transact, operate and deliver

services resulting in loss of customer trust,

resulting in loss of revenue and negative

impact on share price.

Risk movement

Key controls and mitigating factors

Deployed an Information Security Management



IT strategy of continued cloud migration which

has greater resilience and availability.

Business Continuity Plans, including Crisis

Management, in place and tested regularly.

Change management process in place within

IT which assists a reduction in incidents caused

by human error.

Backups in place and single points of failure

identified and mitigated in the event of

prolonged loss of systems.

6. Loss of client/colleague data

Link to strategy: Our clients Differentiated brands

Previous risk name

N/A

Risk owner

Guy Ellis,

CFO

Risk impact

Data breach leading to fines from regulators

and reputational damage.

Risk movement

Key controls and mitigating factors

Deployed an Information Security Management



Regular compliance training, including data

protection, provided to all colleagues at least annually.

Information classification and handling and data

privacy policies in place.

NCC Group plc 75

Strategic report

Principal risks and uncertainties continued

B. Cyber and information security continued

7. Insufficient quality, integrity and availability of management information

Link to strategy: Our clients Our capabilities Global delivery

Previous risk name

Quality of management

information systems and

internal business processes

Risk owner

Guy Ellis,

CFO

Risk impact

Suboptimal business decision making and

performance as key financial performance

data is not available or trusted.

Risk movement

Key controls and mitigating factors



Standardised business process control standards are

in place and subject to regular review by the global

standards and support team.

C. Innovation and product development

8. Intellectual property theft or exposure

Link to strategy: Differentiated brands

Previous risk name

N/A

Risk owner

Siân John,

CTO

Risk impact

Reputational damage from losing client data

and industrial espionage, resulting in loss of

revenue and loss of competitive advantage

from threat of malicious actors.

Risk movement

Key controls and mitigating factors

Security and technical controls in place through our



9. Ineffectual product/service management

Link to strategy: Global delivery

Previous risk name

N/A

Risk owner

Siân John,

CTO

Risk impact

Loss of revenue from uncompetitive solutions

and failure to compete effectively.

Failure to align to the business strategy

resulting in lack of client trust leading

to a loss of clients.

Failure to maintain competitive advantage.

Ineffectual marketing strategy.

Risk movement

Key controls and mitigating factors

Suitably qualified and experienced product managers.

Quality review process.

Customer feedback and escalation process.

Marketing strategy in place focused on

product development.

10. Failed product/service launch

Link to strategy: Global delivery

Previous risk name

N/A

Risk owner

Kevin Brown,

COO

Risk impact

Cost implications.

Reputational damage.

Loss of colleague morale.

Loss of customer trust.

Poor development processes.

Insufficient speed of execution.

Risk movement

Key controls and mitigating factors

Robust planning processes and consultation



Management oversight and review process.

Use of modern development practices such

as “Agile” and “design thinking”.

Principal risks and uncertainties continued

Risk movement: Increased Decreased Unchanged

Viability risk:

ew risk:

Risk impact: High    

NCC Group plc 76

D. People and partners

11. Insufficient workforce resilience

Link to strategy: Our capabilities

Previous risk name

N/A

Risk owner

Michelle Porteus,

Chief People Officer

Risk impact

Inability to deliver to clients resulting in loss

of revenue.

Loss of colleague morale and risk of “burnout”.

Risk movement

Key controls and mitigating factors

Workforce resourcing managed by Chief

People Officer.

Full review of workforce requirements

undertaken as part of strategic review.

12. Inability to retain/recruit colleagues to meet the resource needs of the business

Link to strategy: Our capabilities

Previous risk name

Attracting and retaining

appropriate colleague

capacity and capability

Risk owner

Michelle Porteus,

Chief People Officer

Risk impact

Loss of key colleagues or significant colleague

turnover could result in a lack of necessary

expertise or continuity to execute the

Group’s strategy.

An inability to attract and retain sufficient high

calibre colleagues could become a barrier to the

continued success and growth of NCC Group.

Risk movement

Key controls and mitigating factors

Colleagues are offered an industry aligned

salary and benefits package, which can include

participation in share schemes, salary sacrifice

car scheme and retail discount offerings.

Improved communications with our colleagues

managed by the new Chief Marketing Officer.

New global delivery and operations centre opened

in Manila in September 2023

13. Poor colleague health and wellbeing, including pandemic

Link to strategy: Our capabilities

Previous risk name

Global pandemic

Risk owner

Michelle Porteus,

Chief People Officer

Risk impact

High turnover of staff based on low colleague

morale or “burnout”.

If significant number of colleagues are unable

to work this will impact client delivery and

could lead to a loss of revenue.

Risk movement

Key controls and mitigating factors

Various channels available to colleagues

to support with health and wellbeing.

Colleagues continue to successfully work in a

hybrid manner, delivering remote client services.

Mental health allies across the business.

Attractive office environments globally.

Risk assessments carried out regularly, for

example display screen equipment and shift workers.

E. Market and competition

14. Economic changes/volatility impact on revenue and profitability

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

N/A

Risk owner

Mike Maddison,

CEO

Risk impact

Loss of clients or reduction in client spend will

result in a loss of revenue. Increases to interest

rates or inflation will impact profitability.

Risk movement

Key controls and mitigating factors

Strategy accelerated (delivery centre in Manila due



being made, making NCC Group more resilient to

economic changes. Increased cost control

measures and actions.

Risk movement: Increased Decreased Unchanged

Viability risk:

ew risk:

Risk impact: High    

NCC Group plc 77

Strategic report

Principal risks and uncertainties continued

E. Market and competition continued

15. Unable to continue to meet the service and resource needs of our clients

Link to strategy: Our capabilities Global delivery

Previous risk name

N/A

Risk owner

Mike Maddison,

CEO

Risk impact

Loss of clients will result in a loss of revenue

and reputational damage.

Risk movement

Key controls and mitigating factors

New strategy includes capabilities as a key

pillar and the business has been restructured

to mitigate this risk.

16. Lack of visibility in the marketplace

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

N/A

Risk owner

Mike Maddison,

CEO

Risk impact

Loss of clients will result in a loss of revenue.

Risk movement

Key controls and mitigating factors

Chief Marketing Officer is planning a rebrand

as per the new strategy.

Continue to publish expert advice and

content publicly.

17. Reliance on relationships with third parties

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

N/A

Risk owner

Mike Maddison,

CEO

Risk impact

Loss of margin.

Reputational damage if third parties

don’t deliver.

Risk movement

Key controls and mitigating factors

Contracts in place with third parties.

Ongoing review of service and delivery

from third parties.

18. International trade

Link to strategy: Our clients Our capabilities Global delivery Differentiated brands

Previous risk name

International trade



Risk owner

Kevin Brown,

Chief Operating Officer

Risk impact

Failure to comply with changing global regulations

may cause disruption to our business.

Risk movement

Key controls and mitigating factors

The new strategy is focused on globalisation

and thus the resource structure is being designed

to promote global delivery.

F. Brand and reputation

19. Adverse publicity in news and social media

Link to strategy: Differentiated brands

Previous risk name

N/A

Risk owner

Angela Brown,

Chief Marketing Officer

Risk impact

Reputational damage leading to loss of existing

and potential clients resulting in loss of revenue.

Risk movement

Key controls and mitigating factors

Policies and procedures in place which follow

good practice and ethics.

Research quality review process managed

by a panel of experts.

Risk movement: Increased Decreased Unchanged

Viability risk:

ew risk:

Risk impact: High    

NCC Group plc 78

F. Brand and reputation continued

20. Undertaking work with disreputable clients or in sanctioned/undesirable jurisdictions

Link to strategy: Our clients Global delivery

Previous risk name

N/A

Risk owner

Angela Brown,

Chief Marketing Officer

Risk impact

Reputational damage.

Potential fines.

Risk movement

Key controls and mitigating factors

Country risk assessment process in place

for new business.

Higher risk countries have a risk assessment

completed and approved appropriately.

G. Quality and delivery

21. Service delivery does not achieve established quality standards

Link to strategy: Our clients Our capabilities

Previous risk name

N/A

Risk owner



Chief Operating Officer





Managing Director

Risk impact

Clients don’t renew, have their SLA breached

or cancel mid-service leading to loss of revenue.

Negligence in delivery leading to legal action

or loss of revenue and reputational damage.

Risk movement

Key controls and mitigating factors

Quality assurance processes in place.

Standard methodologies and procedures followed.

Customer feedback and complaints process.

Ongoing internal training programmes.

22. Loss of internationally recognised quality and security standards

Link to strategy: Our capabilities Global delivery Differentiated brands

Previous risk name

Quality and security

management systems

Risk owner

Guy Ellis,

CFO

Risk impact

The risk of the Group failing to retain a core



consequential loss of key customer accounts

or ability to operate.

Risk movement

Key controls and mitigating factors

We operate a comprehensive programme

to ensure the retention of our core standards.

Policies and procedures in place and audited

against the design and application.

External assessors conduct audits at least

annually confirming the retention of our quality

and security standards.

We have extended our ISO standards to more

locations during FY23.

H. Legal, regulatory compliance and governance

23. Criminal and civil legal action resulting in fines and incarceration

Link to strategy: Our clients Global delivery Differentiated brands

Previous risk name

N/A

Risk owner

Guy Ellis,

CFO

Risk impact

Reputational damage from legal action being

taken and financial impact of the fines and the

impact it may have on key customer accounts.

Risk movement

Key controls and mitigating factors

Legal team reviews customer contracts.

Annual compliance training undertaken including ethics

(covering anti-bribery and corruption, whistleblowing,



and safety, information security and data protection.

Risk movement: Increased Decreased Unchanged

Viability risk:

ew risk:

Risk impact: High    

NCC Group plc 79

Strategic report

In addition to identifying the Group strategic risks, we continuously review and monitor emerging risks through horizon scanning;

publications; assessing regulatory changes and how they may impact the Group; and ensuring adequate oversight over

significant projects.

Emerging risks

Risk area Risk Risk description Mitigating controls

People and partners Pandemic 



Colleagues can deliver client

services remotely.

Market and

competition

Blackouts Potential energy supply shortages

as a result of supply issues created

by the Russian invasion of Ukraine.

Emergency backup generators

in place and tested.

Property portfolio being reviewed.

Increasing energy costs Energy costs have increased

significantly since the Russian

invasion of Ukraine.

Factored into budget.

Geopolitical Legislative change; political party

change; and Russian invasion of Ukraine.

Country risk assessment process

in place for new business.

Takeover

Profit warning and significant drop

in the share price expose the Group

to a takeover.

New strategy being implemented.

Quality and delivery Off-shoring Geopolitical landscape, including

changing legislation and taxation.

Project team considering all key

risks and using subject matter



Extending ISO certifications to

include new centre of excellence.

Project management Significant number of large

scale projects which need

to be adequately managed.

New Head of Strategy responsible

for project management.

Development of business cases

which clearly articulate project

objectives including delivery

metrics which are monitored.

Principal risks and uncertainties continued

H. Legal, regulatory compliance and governance continued

24. Inability to identify and adopt emerging regulations in a timely manner

Link to strategy: Our clients Global delivery Differentiated brands

Previous risk name

Sustainability/climate change

Risk owner

Guy Ellis,

Chief Financial Officer

Risk impact

Non-compliance with regulations resulting in

fines from regulators and reputational damage

leading to loss of key customer accounts and

shareholder investment.

Risk movement

Key controls and mitigating factors

TCFD came in last year and we disclosed accordingly.

Horizon scanning for new regulations, for example

CSRD, ISSB, Corporate Governance Reform and NIS.

Risk movement: Increased Decreased Unchanged

Viability risk:

ew risk:

Risk impact: High    

NCC Group plc 80

Viability statement

The context for assessment In accordance with the requirements

of the UK Corporate Governance Code, the aim of the Viability

Statement is for the Directors to report on the assessment of the

prospects of the Group meeting its liabilities over the assessment

period, considering the current financial position, outlook,

principal risks and uncertainties, and key judgements and

estimates in preparing the Financial Statements.

The Directors have based their assessment of viability on the

Group’s current business model and strategic plan, which is

updated and approved annually by the Board, in line with our

objectives to deliver sustainable and profitable growth, increase

shareholder value and offer an improved service and product

offering to our customers. This is underpinned by the strategic

priorities outlined on pages 24 to 27 of the Strategic Report. The

effective management of principal risks and uncertainties is

outlined within pages 70 to 80 and this assessment emphasises

those risks that could theoretically threaten the Group’s ability to



The assessment period

The Directors have assessed the viability of the Group over the

three-year period to May 2026, as this is an appropriate planning

time horizon given the speed of change and customer demand in

the industry and is in line with the Group’s strategic planning period.

Assessment of viability

The viability of the Group has been assessed considering the

Group’s current financial position, available bank facilities, and

the Board approved FY24 budget and three-year strategic plan.

It’s been a challenging year for the Group with a decline in the rate

of revenue growth and overall profitability, resulting in a loss

before taxation of £4.3m. The Group’s revenue performance and

profitability suffered from market volatility within Cyber Security



In particular, the Group experienced buying decision delays and

cancellations in the North American tech sector and our UK

market. These headwinds have further reinforced the need to

accelerate the implementation of our next chapter of the Group

strategy following its communication in February 2023. This strategy

requires a level of additional investment in 2024. Despite the above,

the Group has maintained consistent cash generation during the year.

Following the year end, the Group has engaged in additional

generating cost efficiencies across Cyber Security



and corporate

functions which is resulting in the implementation of a fundamental

reorganisation generating further savings compared to the prior

year. As a result of all of the above, the base case budget for

FY24 has been prepared on the basis that market volatility within

Cyber Security



partially continues with overall profitability

remaining similar to 2023.

In addition, the base case budget for FY24 also reflects recent

growth patterns in the other geographical regions and operating

segments, relevant growth opportunities for the Group based on

existing propositions and factoring in current macro-economic

factors most specifically existing inflationary pressures.

The Directors have also modelled the impact of certain severe

but plausible scenarios arising from the principal risks, which

have the greatest potential impact on viability in the period under

review, as set out in the table below. Further details of how these

sensitivities have been applied are provided in the going concern



The impact of these sensitivities has been reviewed against the

Group’s projected cash flow position, available bank facilities

and compliance with financial covenants over the three-year



Group’s financing arrangements and expiry dates. The sensitivities

applied under stress testing show adequate levels of headroom

and that no mitigating actions are required to address severe but

plausible scenarios modelled by management.

While noting that no mitigating actions are required to address

severe but plausible scenarios modelled by management, options

available include a reduction of planned capital expenditure,

headcount reduction, freezing pay and recruitment and not

paying a dividend to shareholders, all of which are within the

Directors’ control and give an additional level of headroom.

Conclusions

Based on these severe but possible scenarios, the Directors

have a reasonable expectation that the Group and Company will

be able to continue in operation and remain commercially viable

over the three year period of assessment.

Viability risk

Risk as applied to viability

assessment Specifics of scenario modelled Potential impact

Ineffective

execution of the

Group’s strategy

Inability to retain/

recruit colleagues

to meet the

resource needs

of the business

A poor strategy or ineffective

execution of a strategy could

have a material negative

impact on the Group’s financial

performance and value.

Loss of key colleagues or

significant colleague turnover

could result in a lack of

necessary expertise or

continuity to execute the

Group’s strategy.

In order to consider the impact of the

risks identified management has

modelled two scenarios:



Assurance business does not improve

beyond that seen in FY23 Q4.



to be implemented as part of the

Group’s strategy are not executed.

Scenario modelled assumes annualised

impact of £3.2m adverse impact

on profitability.

The impact of these sensitivities has been

reviewed against the Group’s projected cash

flow position, available bank facilities and

compliance with financial covenants over the

three year viability period. The sensitivities

applied under stress testing show adequate

levels of headroom and that no mitigating

actions are required.

Over reliance

on market sector

or client

Economic changes/

volatility impact

on revenue

A loss of key customers or

over-reliance on market sector

can result in a reduction in

revenue and consequential

impact on profitability and

cash generation.

Loss of clients or reduction in

client spend will result in a loss

of revenue.

Scenario modelled assumes loss of key

customers resulting in a reduction in

profitability of £4.2m.

The impact of these sensitivities has been

reviewed against the Group’s projected cash

flow position, available bank facilities and

compliance with financial covenants over the

three year viability period. The sensitivities

applied under stress testing show adequate

levels of headroom and that no mitigating

actions are required.

Economic changes/

volatility impact

on profitability

Being a global organisation the

Group is exposed to global and

regional macro-economic

factors such as inflation and

rising interest rates.

Scenario modelled assumes additional

wage increases to align with regional

inflation rates across different

geographies of £5.0m. UK Interest rates

on borrowings forecast to rise a further

0.75% from original forecast. Incremental

annual utility costs of £0.2m included.

The impact of these sensitivities has been

reviewed against the Group’s projected cash flow

position, available bank facilities and compliance

with financial covenants over the three year

viability period. The sensitivities applied under

stress testing show adequate levels of headroom

and that no mitigating actions are required.

NCC Group plc 81

Strategic report

82 NCC Group plc — 

The Board is committed to creating and

maintaining a culture where strong levels

of governance thrive throughout the

organisation, specifically ensuring that we send

out consistent messages on our values and

acceptable behaviours for our colleagues,

our customers, our suppliers and our advisers.

In this section

84 Chair’s introduction to governance

87 Governance framework

88 Board of Directors

90 Executive Committee

92 Board composition and division of responsibilities

102 Shareholder engagement

103 Audit Committee report

110 Nomination Committee report

113 Cyber Security Committee report

115 Remuneration Committee report

138 Directors’ report

142 Directors’ responsibilities statement

Governance

NCC Group plc 83

2022/23 highlights

•

Continued to hear from our designated NED for workforce

engagement who reports to every Board meeting

•

Recruited and on-boarded a new independent



a new perspective and dynamic to our Board discussions,

and now chairs the Audit Committee

•

Undertook our first ever externally facilitated Board

and Committee evaluation

•

Agreed a revised strategy

•

The Board visited North America and had the opportunity

to meet with colleagues

2023/24 priorities

•



a successful start

•

Continuing to focus on our stakeholders, particularly

in-person colleague engagement

•

Supporting the executive team with embedding the

new strategy

•

Working through the key priorities raised in the Board

evaluation and having regular check-ins on these

throughout the year

•

Supporting the executive team to set up our delivery

centre in the Philippines

Dear Shareholder

On behalf of the Board, I am pleased to present the Corporate

Governance Report for the year ended 31 May 2023. Throughout

the year the Board has worked cohesively as a team to enable

the Company to successfully navigate a turbulent and uncertain

period. I would like to thank the Board for its wise counsel and

continued efforts during this time. The Board is composed of

highly skilled and experienced Directors from a diverse range of

industries and backgrounds, all of whom contribute towards the

long-term success of the Company and show commitment and

enthusiasm in the performance of their roles and duties. The

Board believes that good governance is key to the long-term

success of the Group and is committed to achieving high

standards of governance.

I would like to thank all of my Board colleagues for their commitment,

support and flexibility over the past year. While we welcome

a return to face-to-face meetings, a number of our Board

meetings were conducted in a virtual environment by necessity.

This new hybrid way of working has enabled us to maintain

strong governance and robust decision making, delivering

against our strategy. During the year, a particular highlight was

our visit as a Board to North America in November 2022 and we

enjoyed spending time with colleagues in our New York office,

and we look forward to visiting more offices and meeting more

colleagues in the coming year.

The Board is committed to creating and maintaining a culture

where strong levels of governance thrive throughout the

organisation, specifically ensuring that we send out consistent

messages on our values and acceptable behaviours for our

colleagues, our customers, our suppliers and our advisers.

A continued commitment





With our recent appointments,











Chris Stone



Chair’s introduction to governance

84 NCC Group plc — Annual report and accounts for the year ended 31 May 2023

































Board changes



































Board composition and diversity



















































Governance standards



























































Our approach













Board tenure as at 31 May 2023

6 years 2 months

Mike Maddison

Guy Ellis

Chris Stone







4 years 10 months

Tim Kowalski

8 years 1 month

Chris Batterham

1 year 5 months

Julie Chakraverty

5 years 1 month

Jennifer Duvalier

5 years 8 months

Mike Ettling

      

 



NCC Group plc 85

Governance

Board composition and diversity























Effectiveness

































You can read more about the Board and the Committee evaluation

on page 96

Our investors





































































Statement of compliance with the UK Corporate

Governance Code











•

































Thank you











Chris Stone

Non-Executive Chair



Chair’s introduction to governance

















NCC Group plc 86

Governance framework













•



•





•



•



•



•



•







Board

Board Committees



Chief Executive Officer

The different parts of the Company’s governance framework

are shown below, with a description of how they operate and

the linkages between them.



































































Audit

Committee

Nomination

Committee

Cyber Security

Committee

Remuneration

Committee

Read more on pages

113 and 114

Re ad more on pages

115 to 137

pages 92 to 101

NCC Group plc 87

Governance

Chris Stone



Appointment to the Board:



Career experience







































External appointments















Appointment to the Board:



Career experience



































External appointments





Appointment to the Board:



Career experience









































External appointments





Appointment to the Board:



Career experience

















































External appointments





















Our business is led by our Board of Directors.

Biographical and other details of the Directors are as follows:

Mike Maddison



Guy Ellis



Chris Batterham





A NC R

Board of Directors

NCC Group plc 88





















Committee key:

Jennifer Duvalier





Julie Chakraverty











Appointment to the Board:



Career experience

























































External appointments













Appointment to the Board:



Career experience















External appointments



























































R NC

Appointment to the Board:



Career experience









































External appointments















Mike Ettling





NCA R A

Other Directors during the year

Adam Palser





Tim Kowalski





Lynn Fordham









Appointment to the Board:



Career experience















































External appointments

















NCA R

NCC Group plc 89

Governance

Executive Committee

















































































































Angela Brown



Nick Rowe





Kevin Brown



Harmen Dikkers





NCC Group plc 90

























































































































Michelle Porteus



Rebecca Fox



Andrew Lemonofides





Siân John



NCC Group plc 91

Governance

Board composition and division of responsibilities



Role Responsibilities

Chair of the Board















Chief Executive Officer











Chief Financial Officer











Senior Independent

Director















Non-Executive Directors













Designated Non-

Executive Director

for engagement with

the workforce





Company Secretary

















NCC Group plc 92

Meetings and attendance



















Board Audit Nomination Cyber Security Remuneration







   



   





14 4

5 2

4 4





14 3

4 3

3 4



14 3

3 5

5 4







5 4

4 5





14 3

  



 

 

  

 

 



 

 

 

What principal decisions have been made and what have we looked at as a Board during 2022/23?

Section 172 statement



















Principal decisions made during the year











NCC Group plc 93

Governance

What principal decisions have been made and what have we looked at as a Board during 2022/23?

Principal decisions made during the year





Topic Stakeholder group Decision taken Engagement process Reference

Board changes Colleagues,

shareholders,

customers,

our network

































































































































Reduction in

workforce

Shareholders,

colleagues,

customers



































































































Board composition and division of responsibilities

NCC Group plc 94

Topic Stakeholder group Decision taken Engagement process Reference

Global delivery

centre in the

Philippines

Colleagues,

customers,

shareholders









































Revised

strategy and the

strategic pillars

Colleagues,

customers,

shareholders















































































Refinancing our

bank facilities

Colleagues,

customers,

shareholders,

our

network















































NCC Group plc 95

Governance

Board composition and division of responsibilities

What have we looked at as a Board during 2022/23?

















Leadership and colleagues

•





•









•









•





•







•







•





•



Strategy

•





•



•







•





•







Governance

•







•









•



•





•



•





•









•





•





•



•







•





•





•





•



•





•





Financial

•





•





•





•



•



•





•



•





•









•





•





•





•





Other Group business

•





•



•



•





•



•



•





•





•





NCC Group plc 96

Board strategy review





















































Independent advice







Conflicts of interest































Colleague engagement





















































Board independence

















•



•





•







•







•



•

























NCC Group plc 97

Governance

Board composition and division of responsibilities

Lynn Fordham – induction and first impressions

Diversity

























Annual re-election









Director induction, training and development







































Board and Committee effectiveness review











































My comprehensive induction programme and meeting

the right colleagues and advisers before I started on

1 September 2022 meant I had a good appreciation

of NCC Group and for the Company’s issues before my

first Board meeting.

I believe that the insights I gained allowed me to make

a positive contribution from the outset and although my

first Board meeting was a virtual one, I have now had

the opportunity to attend four in-person Board meetings



Strategy Day and these, together with various events

and site visits, have allowed me to further engage with

a number of colleagues.

Being on the Audit Committee and then recently

taking over from Chris Batterham as Chair has really

allowed me to “get under the skin of NCC Group”

and add value from my experiences gained elsewhere.

I have really enjoyed my early months with NCC Group

and look forward to contributing further and driving

improvements at NCC Group particularly those within

the Audit Committee’s sphere of influence, and also

in my work as lead NED for Sustainability.”

Lynn Fordham

Independent Non-Executive Director

NCC Group plc 98

Board, Committee and Chair evaluation process 2023

MSP reviewed, with the Company

Secretary, the 2022 questionnaires

and evaluation exercise results

and, based on this, recommended

using the same questionnaires for

the 2023 Board Effectiveness

Review to maintain continuity and

provide year on year comparisons.







This approach was approved

by the Chair and, for the

Chair’s review, the Senior

Independent Director.







Questionnaires were added to

an online survey website, which

ensured the anonymous and

efficient collection of answers.

The results were made available

to MSP, under an agreed

Non-Disclosure Agreement.

MSP met with each member of the

Board to conduct a structured

interview on the effectiveness of

the Board. It also met with selected

members of the senior

management team.

MSP also attended a Board

meeting as an observer.



































NCC Group plc 99

Governance

Board composition and division of responsibilities

Outcomes













Areas identified in

previous evaluations Outcome

Board composition

•





Board agendas

•



•



•



•



•



•



Board behaviours

•



•



Strategy

•



•



•



•



Performance

monitoring

•



Succession planning

•



•



Stakeholder

management

•



•



Information flows

•



•



•



•



•



Risk management

•



Committees

•









NCC Group plc 100

Operation of governance framework

Role of the Board

































•





•







•







•











•





•





•







•







•































Risk management

















Internal control





























































































Executive remuneration











NCC Group plc 101

Governance

Shareholder engagement

Share capital structure

















Board engagement with shareholders











































Board shareholder updates







Investor meetings

One-to-one meetings

Group meetings



Substantial shareholdings























  

  

  



  

  

  

  





















  

  

  

  

  

  

Directors’ shareholdings









Annual General Meeting































Chris Stone

Non-Executive Chair



NCC Group plc 102

2022/23 key activities

•

Assessed the quality of earnings by reviewing one-off,

out of period or non-trading items arising over the year

considering the background of a challenging year

•

Continued focus on the adherence to the Individually

Significant Items accounting policy

•



to ensure there is a clear description and explanation,

reconciliation, presentation and consistency applied

•

Critical review and discussion with our external auditor

on the assumptions and models used within the Group

annual impairment review and resultant disclosures

considering the background of a challenging second half

performance, a new strategy and managements future

action plans

•

Consideration of going concern and viability assessment

and disclosures considering the background of a

challenging year and a new strategy

•

Monitoring integration of IPM business including

associated risks, controls and costs of integration and

then ensuring that existing Group controls have been

implemented within the newly acquired business

•





•





reviewing and approving the Group’s response

•

Considered a change to the year end (deciding not to at



2023/24 priorities

•

Review of the risk management and control environment of

any significant strategic or operational projects and the

resulting changes in the business

•

Monitoring the project risk management of key new

initiatives, ensuring that satisfactory internal controls are

embedded from the outset

Audit Committee report

•

Reviewing and monitoring controls

•

Ensuring continued improvement of the effectiveness of the

Group’s risk management and internal control systems

•

Planning for regulatory changes arising from the new

corporate governance reform requirements, including

ensuring that we review and consider all UK governance

changes following the establishment of Audit Reporting



•



and embedding sustainability into the business

•

Undertaking a thorough and comprehensive independent

auditor tender process, leading to the reappointment of

KPMG, or the on-boarding of a new auditor

•

Monitoring implementation of the recently implemented



I am pleased to present the Audit Committee Report for the

year ended 31 May 2023 to explain how we have discharged

our responsibilities with an overview of our principal activities

and their outcomes.

Committee membership, attendees’ access

and objectives

The Audit Committee had a change of Chair during the year.



I am a Chartered Accountant with diverse sector experience

across listed companies, private equity and financial services

in a number of disciplines including risk management, internal

control and financial reporting. I am also currently Chair of the

Audit and Risk Committees at Caledonia Investments plc, Domino’s

Pizza Group plc and Enfinium Group, all of which provide me with

an additional external perspective to bring to my chairing of this

Committee. The Board therefore considers that I have the recent

and relevant financial experience required by the Code.





















Lynn Fordham

Committee Chair

Governance

103NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Committee membership, attendees’ access and objectives



















Principal duties delegated to the Audit Committee

Areas delegated to

the Audit Committee Committee responsibilities Activities during the year

Financial reporting

•











•







•









•





•













•









Narrative reporting

•









•







•





•









•









•







Internal controls

and risk

management

systems

•





•





•







•









Compliance,

whistleblowing

and fraud

•







•







Internal audit

•





•







External audit

•











•







•







•





•





•





•





Audit Committee report

NCC Group plc 104



Report and Accounts to 31 May 2022





























•





















•









•











Meeting frequency and attendance



























 













 



 

 



Significant accounting areas and areas of significant

management judgement or estimation uncertainty





































  



  

Significant issues considered during the year

in relation to the Financial Statements







•



•





•



•





•





•





•





•



•









•



•













NCC Group plc 105

Governance

Goodwill carrying value































Fair value less costs to sell























































































































































The Group’s approach to materiality



























Internal audit







































Audit Committee report

NCC Group plc 106

Internal audit















Internal controls and risk management















































Controls relating to financial reporting and preparation

of the Annual Report and Accounts

•







•





•





•







Other controls

•







•





•



•





•







•















•







•



•



•





•













Whistleblowing and confidential reporting procedures



































Review of the Audit Committee’s effectiveness



















Auditor’s independence and objectivity



























NCC Group plc 107

Governance

Auditor’s independence and objectivity



































External auditor’s effectiveness and appointment











•





•





•



•







•



•



•





•



•



•





























































•





•







•























Audit Committee report

NCC Group plc 108

Fair, balanced and understandable



1. Financial information

•



•



•



2. Narrative disclosures

•



•



•





3. Independent reviewers

•





•



4. Audit Committee Chair

•



•





Financial

information

Independent

reviewers

Narrative

disclosures

Audit

Committee

Chair

Related party transactions and other fees approved

by the Committee



Fair, balanced and understandable





















•





•



•





















Lynn Fordham

Chair, Audit Committee



NCC Group plc 109

Governance

2022/23 highlights

•

Significant improvement in diversity in the Executive

Committee and the Board

•

Continued focus on building strength in our senior

leadership team to support succession planning, senior

management and Executive Director succession plans

•

Relentless focus on diversity and inclusion in every

meeting, including undertaking unconscious bias training

•

Scoped and planned the launch of gathering of diversity



•



have launched two surveys in the year which have been

challenged and reviewed by the Committee

2023/24 priorities

•

Continue to build and develop diverse senior cyber

leadership across the Group

•

Embed and encourage the data collection, analysis and

actionable insights coming from the diversity data launch

in Workday

•



to create insight and action planning

•

Shift the culture to create growth across the Group by

responding to colleague needs in this post-pandemic

hybrid world, and the needs of our clients by creating the

right working environment to support colleague engagement

Nomination Committee report

The members of the Nomination Committee are Chris Batterham,





The Nomination Committee’s objectives

and responsibilities

The Nomination Committee is responsible for reviewing the

size, structure, balance, composition and progressive refreshing

of the Board and its Committees and as such its duties include:

•

Reviewing the structure of the Board

•

Evaluating the balance of skills, knowledge, experience

and diversity on the Board

•

Making recommendations for further recruitment to the Board

or proposing changes to the existing structure of the Board,

or individual Directors

•

Reviewing the leadership needs of the Company,

both Executive and Non-Executive

•

Succession planning for Directors and other senior

Executives within the business

•

Recruiting, appointing and exiting of Directors

•

Overseeing membership of, and succession to, the various

Board Committees

•

Reviewing the time commitment required from the

Non-Executive Directors on NCC Group business

The Chair of the Board leads the process for the appointment

of new Non-Executive Directors to the Board and for the

appointment of the Chief Executive Officer. The Chief Executive

Officer, in conjunction with the Chair, leads the process for the



the process for a new Chair of the Board.

In relation to an appointment to the Board, the Committee draws

up a specification and assesses the capabilities and experience

required for such a role, taking into account the Board’s existing

composition, including relevant experience and understanding

of our stakeholder groups.





Our objective is to have a broad

range of skills, backgrounds,

experiences and personal

attributes within the Board as this

ensures the Board is best placed

to serve the Company.”

Chris Stone

Committee Chair

110 NCC Group plc — Annual report and accounts for the year ended 31 May 2023











Diversity





















































































































Committee meetings









 





















 



 

Activities during the year

During the year, the Committee:

•



•



•





•



•



•



•



•





•

















Presentations and updates during the year







•





•









NCC Group plc 111

Governance

Presentations and updates during the year

•





•





•







•



•







•











•





•







•















Processes

•





•





•









•











•

















Culture

•













•











•











•















Colleague voice

•

















•







Long term

•









•





•













•







Committee effectiveness







•







•





•









External search consultancies









Chris Stone

Chair, Nomination Committee



Nomination Committee report

NCC Group plc 112

2022/23 highlights

•







•

Ongoing alignment to the NIST Cybersecurity



opportunities for improvement. This is mapped

to our existing ISO 27001 certification

•

Implementation of a “three lines of defence” model for

information security, increasing oversight and

independence of risk management

2023/24 priorities

•

Reviewing structure of data protection and governance

team in light of attrition and bringing all support back in house

•

Greater global alignment in terms of policies and

procedures, and consolidation of our ISO 27001

accreditation under a single certificate

•

Group-wide alignment for risk management and

consistent reporting of risk to the Board

•

Migration of our in-house security monitoring to our new



service, leveraging the latest technology

•

New regulatory requirements are emerging for NCC

Group, such as NIS in the UK and NIS2/DORA in the EU.

We are starting our compliance efforts early, and working

directly with governments and regulators to ensure

successful compliance ahead of introduction

Cyber Security Committee report

The Cyber Security Committee was formed to focus specifically

on the cyber risks faced by the Group. This reflects the significant

threat posed by cyber risks, the nature of our business, and the

potential damage to the business as a high value target for

malicious acts. The Committee’s activities aim to challenge and

support improvements to the Group’s information security and

data protection policies, defences and controls, so as to comply

with global data protection regulations around the world, and

ensure that the Group looks after its own information, and the

information that its customers entrust to it, with the proper care

and attention.

The Committee was formed in November 2016 and I have been

Chair since July 2022.

Chris Batterham and Jennifer Duvalier (both independent









welcome new experience and perspective with her strong

financial and risk background and is a strong addition to the



a member of the Committee.

The Group’s Director of Global Governance, the Group’s Chief





invitees of the Committee. The Executive Directors are invited

to attend Committee meetings when the Committee considers

it to be appropriate.

















Julie Chakraverty

Committee Chair

Governance

113NCC Group plc — Annual report and accounts for the year ended 31 May 2023

The Cyber Security Committee’s objectives

and responsibilities







•





•





•





•







•





•







•









•



•





•





•







•













Committee effectiveness





























Committee activities during the year

•



















•





































•





•









•











Committee meetings











 





















 



 

Julie Chakraverty

Chair, Cyber Security Committee



Cyber Security Committee report

NCC Group plc 114

2022/23 highlights

•

Continuing to embed the Remuneration Policy for



•

Making further grants under the Restricted Share Plan

for below-Board colleagues, to further broaden colleague

share ownership

•



colleague share ownership at all levels

•





2023/24 priorities

•



Remuneration Policy and consult as appropriate with our

major shareholders, before seeking shareholder approval

at the 2024 AGM

•

Continue to ensure our incentive arrangements support

the Group’s revised long-term growth strategy

•

Reviewing the all colleague and discretionary share plans

that the Group wishes to offer

•

Continue to review when the appropriate time is to

introduce ESG measures into incentive arrangements

Remuneration Committee report



On behalf of your Board, I am pleased to present our Directors’



The report is divided into three sections: this Annual Committee



and the previously approved Directors’ Remuneration Policy.

At the AGM in November 2022, 92.68% of shareholders voted

in favour of the Directors’ Remuneration Report, and I would

like to thank shareholders for their continuing support.

Annual Statement

2022/23 was another busy year for the Remuneration

Committee and we had five meetings in total. The Committee





as Chair. Our Board Chair, Chris Stone, also attended all the

meetings. We invited our remuneration consultants, Chief





we always ensure that we have time without Executives present.

Corporate Governance Code remuneration

requirements for engagement with shareholders

and colleagues

The Committee closely monitors shareholder guidance and

feedback on remuneration. Shareholder voting on AGM

remuneration resolutions is reviewed annually, shareholders

are consulted when changes to policy are being considered,

and major shareholders have the opportunity to provide annual

feedback to the Board and Remuneration Committee on NCC

Group’s remuneration approach at annual engagement meetings.









Jennifer Duvalier



Governance

115NCC Group plc — Annual report and accounts for the year ended 31 May 2023

Corporate Governance Code remuneration

requirements for engagement with shareholders

and colleagues



















































































Base salaries



























































































































Joining terms for CEO and leaver terms for former CEO









Remuneration Committee report



NCC Group plc 116

Performance related pay – annual bonus







































•

Strategic objectives within the Assurance business:



•

Strategic objective for the Software Resilience business:







•

Sustainability and people objectives:































































































































 









 





 

























NCC Group plc 117

Governance















































Non-Executive Director and Chair’s fees















Details of these fees and allowances are given in the Annual Report

on Remuneration on page 119

Grants of shares under a below-Board Restricted

Share Plan to broaden colleague share ownership



































Conclusion















•









•









•





















Jennifer Duvalier

Chair, Remuneration Committee



Remuneration Committee report



NCC Group plc 118

Annual Report on Remuneration









How the Remuneration Policy has been implemented in the year ended 31 May 2023



•



•



•









 





















































 















 31 May 2023 163 – – – 163 – – – – 163

          





31 May 2023 449 1 16 – 466 39 – 500 539 1,005

          





31 May 2023 24 1 1 – 26 – – – – 26

          





31 May 2023 333 13 15 – 361 21 35 – 56 417

          





31 May 2023 70 – – – 70 – – – – 70

          







31 May 2023 78 – – – 78 – – – – 78

          







31 May 2023 67 – – – 67 – – – – 67

          







31 May 2023 46 – – – 46 – – – – 46

          

 31 May 2023 56 – – – 56 – – – – 56

          

 31 May 2023 1,286 15 32 – 1,333 60 35 500 595 1,928

          

 



 





 



 



 













 







NCC Group plc 119

Governance



 





 



 



 





Additional information in respect of the single total figure of remuneration

Pension and benefits





Annual bonus

2022/23 annual bonus (audited)



















Financial targets – up to 75% of the bonus

  











    

    

    









    

    

    











    

    

    











    

    

    

 







  

  

 7.5% 5.0%

Bonus opportunity for FY22/23 £625,000* £415,800

Total bonus for FY22/23 £39,063* £20,790

Amount paid in cash £25,391 £13,513

Amount deferred in shares £13,672 £7,277



Remuneration Committee report



NCC Group plc 120

Additional information in respect of the single total figure of remuneration

Annual bonus

Financial targets – up to 75% of the bonus











 



Strategic targets – up to 25% of the bonus







maximum total bonus)

31 May 2023

  Weighting Outcome

CEO targets

  5.0% 0.0%

  5.0% 0.0%

  5.0% 0.0%

  5.0% 5.0%

 



2.5% 1.25%

 





2.5% 1.25%

CEO outcome 25.0% 7.5%

CFO targets

  5.0% 0.0%

 



5.0% 0.0%













5.0% 0.75%











2.5% 2.5%







2.5% 1.75%

CFO outcome 25.0% 5.0%

NCC Group plc 121

Governance















  

 











•







•







•









  

















 

 











    



 













    





  





 







 



 

















 



 

  



 

•









•









•









  



  





  













 

 







   



 







   





  





  







 

 

 



Remuneration Committee report



NCC Group plc 122

Special Replacement Award





















•



•





•



•



•



•







•











SAYE options granted in the year







Payments to past Directors













Summary of maximum LTIP awards outstanding





































Total LTIP

options

held at

31 May

2023

      436,408

      473,849

 

 





NCC Group plc 123

Governance













































31 May

2023





31 May

2023





31 May

2023





31 May

2023





31 May

2023





31 May

2023





31 May

2023









162,843  –  –  –  –  –  162,843 



 – 

436,408  14,269  –  –  222,222  672,899 







–  –  –  –  –  –  – 





147,197  440,956  14,269  66,921  28,764  –  698,107 





55,000  –  –  –  –  –  55,000 





20,249  –  –  –  –  –  20,249 





19,115  –  –  –  –  –  19,115 





50,000  –  –  –  –  –  50,000 





25,000  –  –  –    –  25,000 

 

 

 

 

 

 





•



•



•



•



•



•



•





•



Shareholding requirements



















Remuneration Committee report



NCC Group plc 124







Shareholding

as at

31 May

2023







  0% 

  72% 

Appointment terms for new Directors









•



•



•



•





•



















Annual bonus







Deferred annual bonus awards

















•





•







Post-employment shareholding requirements





Other





NCC Group plc 125

Governance

Relative importance of the spend on pay



31 May

2023

£m





 





236.9  





14.5  

 

 



Percentage increase in the remuneration of the Directors











  

   2022/23   2022/23   2022/23

   3% — — — — — —

 — — — — — — — — —

    —     —

   8% —     

    — — — — — —

 — — 225% — — — — — —

   2% — — — — — —

 — — — — — — — — —

   2% — — — — — —

   7.9% — — —   



















Chief Executive pay compared to pay of UK colleagues







Total pay ratio

 



















    

    

    

    

    



























      

      

Remuneration Committee report



NCC Group plc 126

Chief Executive pay compared to pay of UK colleagues

CEO pay ratio

















Performance graph and table



















400

350

300

250

200

150

100

2014 20152013 2016 2017

Year ended 31 May

2018 2019 2020 2021 2022 2023

£100

£164

£198

£273

£166

£208

£169

£166

£232

£315

£101

NCC Group plc      



NCC Group plc 127

Governance

Performance graph and table

































  





  

   

   

   

   









 









 

   

   

   

   

 

 

 

 



 

 

Membership and attendance













 



















 

 

Adviser to the Committee













Remuneration Committee report



NCC Group plc 128

Service contracts and letters of appointment



 

Executive

  

  

  

  

Non-Executive

  

  

  

  

  

  

Dilution











How will the Remuneration Policy be implemented in the year ending 31 May 2024?

Executive Directors’ base salaries









Base salary

at 31 May

2023

£000

Base salary

at 1 June



£000 % change

 500 500 0%

 333 333 0%

 n/a 

n/a

 

Pension



Non-Executive Directors’ fees









FY23/24 

 £154,500 

 £51,500 



 £10,000 

 £11,000 

 £11,000 





£8,000 

 £11,000 

 



NCC Group plc 129

Governance

Annual bonus









































Metric Weight  

   

   





  













Statement of shareholder voting













   





   

    





 





 

  

 

 



Jennifer Duvalier

Chair, Remuneration Committee



Remuneration Committee report



NCC Group plc 130

Overall approach to remuneration





•







•





•





•





















Area of provision 40 of the 2018 UK Corporate Governance Code How fulfilled

Clarity























Simplicity

















Risk



















Predictability























Proportionality 



















Alignment to culture

















NCC Group plc 131

Governance

Current Policy table for Executive Directors

Purpose and link to

short and long-term

strategic objectives Operation (including framework to assess performance) Maximum opportunity

Changes since

last Directors’

Remuneration

Policy

Salary































































Benefits































Pension





































































Annual bonus





























































































Remuneration Committee report



NCC Group plc 132

Purpose and link to

short and long-term

strategic objectives Operation (including framework to assess performance) Maximum opportunity

Changes since

last Directors’

Remuneration

Policy

Long Term Incentive Plan















































































Executive Director shareholding requirement













































 

































Choice of performance measures and target setting





























Current Policy table for Executive Directors

NCC Group plc 133

Governance

Differences in Remuneration Policy for colleagues and Executive Directors











•





•





•













Non-Executive Director Policy table

Purpose and link to

short and long-term

strategic objectives Operation (including framework to assess performance) Maximum opportunity

Changes since

last Directors’

Remuneration

Policy

Fees







































































































Remuneration Committee report



NCC Group plc 134

Approach to recruitment







Pay element Approach Areas of flexibility

Salary 

















Benefits

and

pension























Pay element Approach Areas of flexibility

Incentive

opportunity

















“Buyout” awards 



















Transitional

arrangements

for internal

appointments

to the Board



















Approach to service contracts and letters of appointment











Policy on payment for loss of office















NCC Group plc 135

Governance

Policy on payment for loss of office

Pay element Approach Areas of flexibility

Annual bonus







•







•







•





















Long Term

Incentive Plan



















All-colleague share

schemes









Illustration of remuneration scenarios





Chief Executive Officer 

3,000

2,500

2,000

1,500

1,000

500

100%

54%

62%

32%

29%

14%

26%

36%

22%

30%

31%

32%

25%

28%

43%

32%

53%

42%

Minimum MinimumTarget TargetMaximum MaximumMaximum +

50% share

price

growth

Maximum +

50% share

price

growth

£524

£324

£967

£519

£2,024

£924

£1,074

 

 

Annual bonus

£000

£2,461

Remuneration Committee report



NCC Group plc 136

Illustration of remuneration scenarios



•

Minimum.



•

Target.







•

Maximum.





•

Effect of a 50% increase in share price.



Statement of consideration of employment conditions elsewhere in the Group















How shareholder views are taken into account









Key areas of discretion in the Remuneration Policy







•



•



•



•



•



•



•



•





•









•





Legacy arrangements











External directorships for Executive Directors









NCC Group plc 137

Governance









Principal activities















Going concern











































































































































































































 







 

 



Directors’ report





NCC Group plc 138

Going concern

 





 



























































 



Results and dividends





















Post-balance sheet events









Share capital and control





















































































Authority to purchase own shares

















Directors





































NCC Group plc 139

Governance

Directors’ and Officers’ insurance and indemnities





























Colleagues















































Business relationships with suppliers,

customers and others











Equal opportunities

















Disabled persons















Political donations





Sustainability Report









Overseas branches



Research and development













Change of control



















Disclosure of information to the auditor















Reappointment of auditor

















Directors’ report

NCC Group plc 140

Annual General Meeting



























Capitalised interest





Reporting requirements







 

 









 

 



















 



 

 

 

 



 







 





Mike Maddison Guy Ellis

  

  

NCC Group plc 141

Governance

Directors’ responsibilities statement

Statement of Directors’ responsibilities in respect

of the Annual Report and the Financial Statements































•





•





•





•







•





























































Responsibility statement of the Directors in respect

of the Annual Report



•











•





















Mike Maddison Guy Ellis

  

  

NCC Group plc 142

In this section

144 Independent auditor’s report

152 Consolidated income statement

152 Consolidated statement of comprehensive income/(loss)

153 Consolidated balance sheet

154 Consolidated cash flow statement

156 Consolidated statement of changes in equity

157 Company balance sheet

158 Company cash flow statement

159 Company statement of changes in equity

160 Notes to the Financial Statements

Additional information

215 Glossary of terms – other terms

217 Other information

218 Financial calendar

Financial

statements

NCC Group plc  143

Financial statements

Independent auditor’s report



1 Our opinion is unmodified



















•







•







•









•





Basis for opinion































Materiality











Coverage 



Key audit matters vs 2022

Recurring risks 

















NCC Group plc 144

2 Key audit matters: our assessment of risks of material misstatement

















The risk Our response

Recoverability of carrying

amounts of the North America

Cyber Security and Europe

Cyber Security cash

generating units (‘CGUs’)



















Subjective estimate



































































































•

Historical comparison:











•

Benchmarking assumptions:











•

Our sector experience:







•

Our valuation expertise:





•

Assessment of experts:













•

Valuation comparison:









•

Sensitivity analysis:





•

Assessing transparency: 









Our results













Financial statements

NCC Group plc 145

Independent auditor’s report



The risk Our response

Revenue recognition



































2023/2024 sales



















































































Tests of detail:

•









•









•

Assessing Transparency:





Our results









Recoverability of Parent

Company’s investments

in subsidiaries













Low risk, high value



































•

Tests of detail:









•

Comparing valuations: 











•

Comparing valuations: 





Our results















2 Key audit matters: our assessment of risks of material misstatement

NCC Group plc 146

Group materiality



Normalised Group profit

before tax



£1.0m







£0.65m











£0.7m











£0.05m









 

 

Total profits and losses

that made up Group loss

before tax

Group revenue

94%



Group total assets

85%



96%



 

 

 

 

 

3 Our application of materiality and an overview of

the scope of our audit



































































































Financial statements

NCC Group plc 147

Independent auditor’s report



3 Our application of materiality and an overview of

the scope of our audit

































































4 The impact of climate change on our audit













































5 Going concern



































•





•



•





•









NCC Group plc 148

5 Going concern

















•









•





•











•







•







•











•















•

















6 Fraud and breaches of laws and regulations –

ability to detect









•













•





•







•





































































•



•













Financial statements

NCC Group plc 149

Independent auditor’s report



6 Fraud and breaches of laws and regulations –

ability to detect

Identifying and responding to risks of material misstatement

related to compliance with laws and regulations

























































































Context of the ability of the audit to detect fraud or breaches

of law or regulation

































7 We have nothing to report on the other information

in the Annual Report

























Strategic report and directors’ report



•





•





•





Directors’ remuneration report







Disclosures of emerging and principal risks and

longer-term viability















•











•







•

















NCC Group plc 150

7 We have nothing to report on the other information

in the Annual Report

Disclosures of emerging and principal risks and

longer-term viability



























Corporate governance disclosures















•











•









•















8 We have nothing to report on the other matters

on which we are required to report by exception





•







•







•





•







9 Respective responsibilities

Directors’ responsibilities

























Auditor’s responsibilities





































10 The purpose of our audit work and to whom we owe

our responsibilities





















for and on behalf of KPMG LLP, Statutory Auditor

Chartered Accountants

1 St. Peter’s Square

Manchester

M2 3AE

United Kingdom



Financial statements

NCC Group plc 151

Consolidated income statement

for the year ended 31 May 2023

Notes

2023

£m

2022

£m

Revenue 4 335. 1 314 .8

Cost of sales 4 (2 0 3 .1) (182 .2)

Gross profit 4 132. 0 132. 6

Administrative expenses

Individually Significant Items 5 (14. 7) (0.9)

Depreciation and amortisation 6 (22.6) (19 .7)

Credit gains/(losses) recognised on financial assets 6 1.5 (0.6)

(Impairment)/reversal of impairment of non-current assets 6 (1 .1) 0 .1

Other administrative expenses (93. 2) (76.8)

Total administrative expenses

(13 0 .1) (97 .9)

Operating profit 4 1.9 34.7

Finance costs 8 (6. 2) (3 . 7)

(Loss)/profit before taxation 6 (4. 3) 31.0

Taxation 9 (0.3) (8.0)

(Loss)/profit for the year attributable to owners of the Company (4. 6) 23. 0

Earnings per ordinary share 11

Basic EPS (1.5)p 7. 4p

Diluted EPS (1.5)p 7. 4p

Consolidated statement of comprehensive (loss)/income

for the year ended 31 May 2023

2023

£m

2022

£m

(Loss)/profit for the year attributable to the owners of the Company (4. 6) 23. 0

Other comprehensive income/(loss)

Items that may be reclassified subsequently to profit or loss (net of tax)

Cash flow hedges – effective portion of changes in fair value — (0 .1)

Foreign exchange translation differences 2.4 14. 8

Total other comprehensive income 2.4 14. 7

Total comprehensive (loss)/income for the year (net of tax) attributable to the owners of the Company (2. 2) 3 7 . 7

The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023152

Consolidated balance sheet

at 31 May 2023

Notes

31 May 2023

£m

31 May 2022

£m

Non-current assets

Goodwill 12 255.8 26 6 .1

Intangible assets 12 110.9 11 8. 6

Property, plant and equipment 13 12 .5 12. 9

Right-of-use assets 14 18.6 22.0

Investments 15 0.3 0.3

Deferred tax asset 18 2.9 1.4

Total non-current assets 40 1.0 42 1. 3

Current assets

Inventories 16 0.8 0.9

Trade and other receivables 17 58. 1 7 7. 7

Contingent consideration receivable 34 3.8 —

Derivative financial instruments 25 — 0.2

Current tax receivable 3.6 3 .1

Cash and cash equivalents 24 3 4 .1 73.2

Total current assets 100. 4 1 5 5 .1

Total assets 5 01.4 57 6.4

Current liabilities

Trade and other payables 19 44.7 48.3

Bank overdraft 24 1.8 —

Borrowings 24 — 18.5

Lease liabilities 20 6.0 5.4

Current tax payable 4 .2 7. 4

Derivative financial instruments 25 0.6 —

Contingent consideration payable 35 1.0 1. 9

Provisions 21 1.2 2.7

Contract liabilities – deferred revenue 22 51.6 61.7

Total current liabilities 111.1 145 .9

Non-current liabilities

Borrowings 24 81.9 1 0 7. 1

Lease liabilities 20 24.0 2 7. 2

Deferred tax liabilities 18 1.4 1.6

Provisions 21 1.5 0. 8

Contract liabilities – deferred revenue 22 3.3 0.6

Total non-current liabilities 1 1 2 .1 1 3 7. 3

Total liabilities 223. 2 28 3. 2

Net assets 278.2 293.2

Equity

Share capital 27 3 .1 3 .1

Share premium 27 2 2 4 .1 224 . 0

Merger reserve 27 42 .3 42. 3

Currency translation reserve 27 3 7. 5 3 5 .1

Retained earnings 27 (28.8) (11 .3)

Total equity attributable to equity holders of the Parent 278.2 293.2

The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.

These Financial Statements were approved and authorised for issue by the Board of Directors on 28 September 2023. They were

signed on its behalf by:

Mike Maddison Guy Ellis

Chief Executive Officer Chief Financial Officer

28 September 2023 28 September 2023

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 153

Consolidated cash flow statement

for the year ended 31 May 2023

Notes

2023

£m

2022

£m

Cash flows from operating activities

(Loss)/profit for the year (4. 6) 23. 0

Adjustments for:

epreciation of property, plant and equipment 13 4.5 3.9

Depreciation of right-of-use assets 14 5.7 5.4

hare-based payments 26 2 .2 3.9

Cash settled share-based payments — (0 .5)

mortisation of customer contracts and relationships 12 10.0 8.6

Amortisation of software and development costs 12 2 .4 1. 8

mpairment of goodwill 12 12 .8 —

Impairment of software costs 12 0.6 —

mpairment/(reversal of impairment) of right-of-use-assets 14 0.5 (0 .1)

Lease financing costs 8 1 .1 1.2

ther financing costs 8 5 .1 2.5

Foreign exchange loss/(gain) 6 0.6 (0.6)

cquisition of business – transaction costs 5 — (7. 3)

Disposal of business – transaction costs 34 (0 .1) —

SIs (non-cash impact) 5 3. 5 —

Profit on disposal of right-of-use assets 6 (0.7) —

rofit on disposal of business (DDI) 34 (4 . 7) —

Research and development UK tax credits (0. 5) (1.0)

esearch and development US tax credits (1. 4) (1 .1)

Income tax expense 1.7 9 .1

ecrease)/increase in provisions 21 (0.8) 0.5

Cash inflow for the year before changes in working capital 3 7. 9 49.3

Decrease/(increase) in trade and other receivables 19.7 (1. 8)

Decrease in inventories 0 .1 0. 2

(Decrease)/increase in trade and other payables (1 5 .1) 12.6

Cash generated from operating activities before interest and taxation 42 .6 60.3

Interest element of lease payments 20 (1 .1) (1. 2)

Other interest paid (4. 0) (2 .1)

Taxation paid (5.4) (2. 2)

Net cash generated from operating activities 3 2 .1 54.8

Cash flows from investing activities

Acquisition of trade and assets as part of business combinations 35 (1. 0) (153 .0)

Purchase of property, plant and equipment (3 .9) (5 .2)

Software and development expenditure (3. 4) (3. 0)

Sale proceeds of business disposal (DDI) 2.0 —

Net cash used in investing activities (6. 3) (16 1. 2)

Cash flows from financing activities

Proceeds from the issue of ordinary share capital 27 0.1 0.8

Purchase of own shares (0. 5) —

Principal element of lease payments 20 (6 .1) (5 .3)

Drawdown of borrowings (net of deferred issue costs) 70.8 120.7

Issue costs related to borrowings (1 .5) (0.6)

Repayment of borrowings (115. 6) (3 9. 4)

Equity dividends paid 10 (14. 5) (14 .4)

Net cash (used in)/generated from financing activities

(6 7. 3) 61.8

Net decrease in cash and cash equivalents (41 .5) (44 .6)

Cash and cash equivalents at beginning of period 73 .2 116 .5

Effect of foreign currency exchange rate changes 0.6 1.3

Cash and cash equivalents at end of year 24 32. 3 73 .2

NCC Group plc — Annual report and accounts for the year ended 31 May 2023154

Consolidated cash flow statement continued

for the year ended 31 May 2023

Reconciliation of net change in cash and cash equivalents to movement in net debt

Notes

2023

£m

2022

£m

Net decrease in cash and cash equivalents (41 .5) (4 4 .6)

Change in net debt

resulting from cash flows (net of deferred issue costs) 44.8 (8 1. 3)

Interest incurred on borrowings 4.0 2.1

Interest paid on borrowings (4. 0) (2 .1)

Release of deferred issue costs (1. 0) (0. 4)

Issue costs related to borrowings (non-cash) 1.7 0.6

Effect of foreign currency on cash flows 0.6 1.3

Foreign currency translation differences on borrowings (1. 8) (11. 3)

Change in net cash/(debt)

during the year 2.8 (135. 7)

Net (debt)/cash at start of year excluding lease liabilities

(52 . 4) 83.3

Net debt at end of year excluding lease liabilities

(4 9.6) (52. 4)

Lease liabilities 20 (30.0) (32 . 6)

Net debt

at end of year (79.6) (85 .0)

The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 155

Consolidated statement of changes in equity

for the year ended 31 May 2023

Notes

capital

£m

premium

£m

Hedging

reserve

£m

Merger

reserve

£m

Currency

translation

reserve

£m

Retained

earnings

£m

Total

£m

Balance at 1 June 2021 3 .1 223 .2 (0. 8) 42. 3 20.3 (21.9) 266 .2

Profit for the year — — — — — 23.0 23 .0

Other comprehensive expense for the year — — (0 .1) — — — (0 .1)

Foreign currency translation differences — — — — 14 .8 — 14. 8

Total comprehensive (expense)/income

for the year — — (0 .1) — 14 . 8 23.0 3 7. 7

Transactions with owners recorded directly

in equity

Dividends to equity shareholders 10 — — — — — (14 .4) (14. 4)

Transfer hedging reserve to retained earnings — — 0.9 — — (0.9) —

Share-based payments 26 — — — — — 3.2 3.2

Tax on share-based payments 9 — — — — — (0.3) (0. 3)

Shares issued 27 — 0.8 — — — — 0. 8

Total contributions by and distributions

to owners — 0.8 0.9 — — (12 .4) (10.7)

Balance at 31 May 2022 3. 1 224.0 — 42.3 35.1 (11. 3) 293.2

Loss for the year — — — — — (4 . 6) (4.6)

Foreign currency translation differences — — — — 2 .4 — 2.4

Total comprehensive income/(loss) for the year — — — — 2.4 (4 .6) (2. 2)

Transactions with owners recorded directly

in equity

Dividends to equity shareholders 10 — — — — — (14 .5) (14 .5)

Share-based payments 26 — — — — — 2.2 2.2

Tax on share-based payments 9 — — — — — (0 .1) (0 .1)

Purchase of own shares — — — — — (0.5) (0.5)

Shares issued 27 — 0 .1 — — — — 0 .1

Total contributions by and distributions

to owners — 0 .1 — — — (12 .9) (12 . 8)

Balance at 31 May 2023 3 .1 2 2 4 .1 — 42.3 3 7. 5 (28.8) 278. 2

The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023156

Company balance sheet

at 31 May 2023

Company no: 4627044

Notes

2023

£m

2022

£m

Non-current assets

Investments in subsidiary undertakings 33 279.1 276.9

Trade and other receivables 17 23.2 32.9

Total non-current assets 302.3 309.8

Current assets

Cash and cash equivalents 24 15.0 20.2

Total current assets 15.0 20.2

Total assets 317.3 330.0

Current liabilities

Trade and other payables 19 0.2 18.2

Total current liabilities 0.2 18.2

Total liabilities 0.2 18.2

Net assets 317.1 311.8

Equity

Share capital 27 3.1 3.1

Share premium 27 224.1 224.0

Merger reserve 27 42.3 42.3

Retained earnings 27 47.6 42.4

Total equity 317.1 311.8

The accompanying Notes 1 to 37 are an integral part of these Financial Statements.

These Financial Statements were approved and authorised for issue by the Board of Directors on 28 September 2023. They were

signed on its behalf by:

Mike Maddison Guy Ellis

Chief Executive Officer Chief Financial Officer

28 September 2023 28 September 2023

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 157

Company cash flow statement

for the year ended 31 May 2023

Notes

2023

£m

2022

£m

Cash flows from operating activities

Profit for the year 28 17.5 20.0

Cash inflow for the year before changes in working capital 17.5 20.0

Decrease in trade and other receivables 9.7 8.5

(Decrease)/increase in trade and other payables (18.0) 4.7

Net cash generated from operating activities 9.2 33.2

Cash flows from financing activities

Proceeds from the issue of ordinary share capital 27 0.1 0.8

Equity dividends paid 10 (14.5) (14.4)

Net cash used in financing activities (14.4) (13.6)

Net (decrease)/increase in cash and cash equivalents (5.2) 19.6

Cash and cash equivalents at beginning of year 20.2 0.6

Cash and cash equivalents at end of year 15.0 20.2

The accompanying Notes 1 to 37 are an integral part of these Financial Statements.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023158

Company statement of changes in equity

for the year ended 31 May 2023

Notes

capital

£m

premium

£m

Merger

reserve

£m

Retained

earnings

£m

Total

£m

Balance at 31 May 2021 and 1 June 2021 3.1 223.2 42.3 32.9 301.5

Profit for the year — — — 20.0 20.0

Total comprehensive income for the year — — — 20.0 20.0

Transactions with owners recorded directly in equity

Dividends to equity shareholders 10 — — — (14.4) (14.4)

Increase in subsidiary investment for share-based charges — — — 3.9 3.9

Shares issued 27 — 0.8 — — 0.8

Total contributions by and distributions to owners — 0.8 — (10.5) (9.7)

Balance at 31 May 2022 3.1 224.0 42.3 42.4 311.8

Profit for the year — — — 17.5 17.5

Total comprehensive income for the year — — — 17.5 17.5

Transactions with owners recorded directly in equity

Dividends to equity shareholders 10 — — — (14.5) (14.5)

Increase in subsidiary investment for share-based charges — — — 2.2 2.2

Shares issued 27 — 0.1 — — 0.1

Total contributions by and distributions to owners — 0.1 — (12.3) (12.2)

Balance at 31 May 2023 3.1 224.1 42.3 47.6 317.1

The accompanying Notes 1 to 37 are an integral part of these Financial Statements.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 159

Notes to the Financial Statements

for the year ended 31 May 2023

1 Accounting policies

Basis of preparation

NCC Group plc (the “Company”) is a public company incorporated in the UK, with its registered office at XYZ Building, 2 Hardman

Boulevard, Manchester M3 3AQ. The Group Financial Statements consolidate those of the Company and its subsidiaries (together

referred to as the “Group”). The principal activity of the Group is the provision of independent advice and services to customers

through the supply of Cyber Security

and Software Resilience services. The Parent Company Financial Statements present

information about the Company as a separate entity and not about the Group. These Financial Statements have been approved

for issue by the Board of Directors on 28 September 2023.

These Group and Parent Company Financial Statements have been prepared and approved by the Directors in accordance with

UK-adopted International Accounting Standards (“UK-adopted IFRS”). On publishing the Parent Company Financial Statements

here together with the Group Financial Statements, the Company is also taking advantage of the exemption in s408 of the Companies

Act 2006 not to present its individual Income Statement and related notes that form a part of these approved Financial Statements.

The Financial Statements ended 31 May 2023 now refer to the Cyber Security

division as the Group’s former Assurance division.

Climate change

The Directors have reviewed the potential impact of climate change and the Task Force on Climate-related Financial Disclosures

(TCFD) on the consolidated Financial Statements. During the year, the Group has carried out a materiality assessment to identify what

social, environmental and governance issues are most material and significant to the NCC Group business and stakeholders to aid our

commitment to achieving net zero by 2050. Our original baseline assessment was impacted by the pandemic and a different business

strategy and therefore we have re-based this assessment. Our overall exposure to physical and transitional climate change is

considered low in the short to medium term due to the nature of the business and cyber resilience industry. The Group continues

to evolve its sustainability agenda with further details on our short, medium, medium to long and long-term goals contained within

the non-financial and sustainability information statement on pages 46 to 52 of the Annual Report.

The Directors have considered climate change in the following areas of the consolidated Financial Statements, noting no material

financial impact in each area:

•

Critical accounting judgements and key sources of estimation uncertainty

•

Going concern assessment

•

Property, plant and equipment – economic life and residual values

•

Impairment of assets – the impact of environmental change on growth rates and projected cash flows

•

Inventories – realisable value issues

•

Provisions – recognition of new liabilities or contingent liabilities arising from climate change and Group physical and transition risks of:

•

Greenhouse gas emissions – increased costs associated with more taxes and levies

•

Move to net zero – increased costs required to lower emissions

•

Margin risk – impact on delivery day rates and associated erosion of profit margin due to increased costs

•

Reputational risk – failure to comply with regulations resulting in negative impact on Group

•

Supply chain – increased supply costs and delayed deliveries impacting customer contracts/provision of services

•

Extreme weather or rising sea levels – reduction in revenue and increased costs

•

Fair value measurement – climate change variables being incorporated into market participant valuations

•

Financial instruments – expected credit losses and risk of default on Group borrowings (RCF and term loan)

•

IFRS 16 ‘Leases’ – changes to property lease portfolio or car lease agreements. During the financial year the Group has moved FY23

from a company car scheme to a salary sacrifice scheme (leased directly by the colleague); this will result over time a reduction in

the motor vehicle right-of-use-asset and corresponding lease liabilities, as the contract lease terms ends.

New and amended accounting standards that have been issued and are effective from 1 January 2023

At the date of authorisation of these Financial Statements, the following new accounting pronouncements have been issued and are

effective from 1 January 2023:

•

IFRS 17 ‘Insurance Contracts’ – effective on 1 January 2023 and replaces IFRS 4 ‘Insurance Contracts’

•

Amendments to IAS 1 ‘Classification of Liabilities as Current or Non-current’ issued in January 2020 and effective from 1 January 2023.

An exposure draft was issued in November 2021 proposing for this effective date to be delayed to periods starting no earlier than

1 January 2024

•

Amendments to IAS 1 and IFRS Practice Statement 2 ‘Disclosure of Accounting Policies’ issued in February 2021 and effective from

1 January 2023

•

Amendments to IAS 8 ‘Definition of Accounting Estimates’ issued in February 2021 and effective from 1 January 2023

•

Amendments to IAS 12 ‘Deferred Tax Related to Assets and Liabilities arising from a Single Transaction’ issued in May 2021 and

effective from 1 January 2023

•

Amendments to IAS 7 and IFRS 7 ‘Supplier Finance Arrangements’ issued in July 2023 and effective from 1 January 2024

•

Amendments to IFRS 16 ‘Lease Liability in a Sale and Leaseback’ issued in July 2023 and effective from 1 January 2024

These IFRSs are not expected to have a material impact on the Group’s consolidated financial position or the performance of the Group.

These IFRSs are not expected to have a material impact on the Company’s financial position or the performance of the Company.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023160

1 Accounting policies continued

The UK Endorsement Board has issued the following new accounting pronouncements to be effective from 1 January 2022 and

applicable from 31 March 2023:

•

Reference to the Conceptual Framework (Amendments to IFRS 3)

•

Property, Plant and Equipment – Proceeds Before Intended Use (Amendments to IAS 16)

•

Onerous Contracts – Cost of Fulfilling a Contract (Amendments to IAS 37)

•

Annual improvements make minor amendments to IFRS 1 ‘First-time Adoption of IFRS’, IFRS 9 ‘Financial Instruments’, IAS 41

‘Agriculture’ and IFRS 16 ‘Leases’

The adoption of these pronouncements has had no significant impact on the Group consolidated Financial Statements.

Other new accounting pronouncements

In addition to the above, the following new accounting pronouncements have also been issued which are not yet effective but

the Group is not expecting them to have a significant impact on the Group’s consolidated Financial Statements:

•

Amendments to IAS 1 ‘Non-current Liabilities with Covenants’ issued in October 2022 and effective from 1 January 2024

•

Amendments to IAS 10 and IAS 28 ‘Sale or Contribution of Assets between an Investor and its Associate or Joint Venture’ issued

in September 2014 and postponed indefinitely

•

Amendments to IFRS 16 ‘Lease Liability in a Sale and Leaseback’ issued in September 2022 and effective from 1 January 2024

Basis of measurement

The consolidated Financial Statements have been prepared on the historical cost basis except for the revaluation of certain financial

instruments and investments. In addition, at the date of the acquisitions consideration payable is at fair value.

Functional and presentation currency

The Group and Company Financial Statements are presented in millions of Pounds Sterling (£m) because that is the currency

of the principal economic environment in which the Group operates.

Going concern

The Directors have acknowledged guidance published in relation to going concern assessments. The Group’s business activities,

together with the factors likely to affect its future development, performance and position, are set out in the Business Review and

Financial Review. The Group’s financial position, cash and borrowing facilities are also described within these sections.

The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for

the following reasons.

The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending 30 September 2024 which

indicate that, taking account of severe but plausible downsides on the operations of the Group and its financial resources, the Group

and Company will have sufficient funds to meet their liabilities as they fall due for that period.

The going concern period is required to cover a period of at least 12 months from the date of approval of the Financial Statements

and the Directors still consider this 12 month period to be an appropriate assessment period due to the Group’s financial position and

trading performance and that its borrowing facilities do not expire until December 2026. The Directors have considered whether there

are any significant events beyond the 12 month period which would suggest this period should be longer but have not identified any

such conditions or events.

The Group is financed primarily by a £162.5m multi-currency revolving credit facility maturing in December 2026. Under these banking

arrangements, the Group can also request (seeking bank approval) an additional accordion facility to increase the total size of the

revolving credit facility by up to £75m. This accordion facility has not been considered in the Group’s going concern assessment as

it requires bank approval and is therefore uncommitted as at the date of approval of these consolidated financial statements.

As of 31 May 2023, net debt (excluding lease liabilities)

amounted to £49.6m which comprised cash of £34.1m, a bank overdraft

of £1.8m, a drawn revolving credit facility of £83.4m had been drawn under these facilities, leaving £79.1m (2022: £28.7m) of undrawn

facilities, excluding the uncommitted accordion facility of £75.0m. Unamortised arrangement fees of £1.5m have been offset against

the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2023 of £81.9m. The Group’s day-to-day working capital

requirements are met through existing cash resources, the revolving credit facility and receipts from its continuing business activities.

The Group is required to comply with financial covenants for leverage (net debt to Adjusted EBITDA

) and interest cover (Adjusted

EBITDA

to interest charge) that are tested bi-annually on 31 May and 30 November each year. As of 31 May 2023, leverage

amounted

to 1.4x and net interest cover

amounted to 6.8 compared to a maximum of 3.0x and a minimum of 3.5x respectively. The terms and

ratios are specifically defined in the Group’s banking documents (in line with normal commercial practice) and are materially similar to

amounts noted in the these financial statements with the exceptions being net debt excludes IFRS 16 lease liabilities and Adjusted

EBITDA

. The Group was in compliance with the terms of all its facilities during the year, including the financial covenants on 31 May

2023, and based on forecasts, expects to remain in compliance over the going concern period. In addition, the Group has not sought

or is not planning to seek any waivers to its existing facilities.

It’s been a challenging year for the Group with a decline in the rate of revenue growth and overall profitability resulting in a loss before

taxation of £4.3m. The Group’s revenue performance and profitability suffered from the market dynamics within Cyber Security

. In

particular, the Group experienced buying decision delays and cancellations in the North American tech sector and our UK market.

These headwinds have further reinforced the need to accelerate the implementation of our next chapter of the Group strategy

following its communication in February 2023. This strategy requires a level of additional investment in 2024. Despite the above,

the Group has maintained consistent cash generation during the year.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 161

1 Accounting policies continued

Going concern continued

Following the year end, the Group has engaged in additional generating cost efficiencies across Cyber Security

and corporate

functions which is resulting in the implementation of a fundamental reorganisation generating further savings compared to the prior

year. As a result of all of the above, the base case going concern assessment has been prepared on the basis that market volatility

within Cyber Security

partially continues with overall profitability remaining similar to 2023.

With this context, the Directors have prepared a number of severe but plausible scenarios to the base cash going concern

assessment as follows:

a) No recovery from FY23 Q4 Cyber Security

trading performance – £6.4m reduction profit before tax

b) Loss of key customers – £4.2m reduction in profit before tax

c) Shortfall in forecast cost savings – annualised £3.2m reduction in profit before tax

d) Further inflationary pressures continue, worse and more prolonged than expected (wages, energy and interest) – £5.6m reduction

in profit before tax

e) Combination of Scenario a and d – £10.8m reduction in profit before tax

These scenarios have been modelled individually in order to assess the Group’s ability to withstand specific challenges. The Directors

do not believe it is plausible for all of the above downside scenarios to occur concurrently; however, they have modelled scenarios

combining risks (a and d). The impact of these severe but plausible scenarios has been reviewed against the Group’s projected cash

flow position, available committed bank facilities and compliance with financial covenants. These forecasts, including the severe but

plausible downsides, show that the Group is able to operate within its available committed banking facilities, with no forecasted

covenant breaches or requirement for facility waivers, and that the Group will have sufficient funds to meet its liabilities as they fall

due for that period.

From a Company perspective, the Company places reliance on other Group trading entities for financial support. The Company

controls these Group entities and therefore has the ability to direct the financial activities of the Group. Having reviewed the current

trading performance, forecasts, debt servicing requirements, total facilities and risks, the Directors are confident that the Company

and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the

date of approval of these consolidated Financial Statements, which is determined as the going concern period. Accordingly, the

Directors continue to adopt the going concern basis of accounting in preparing the Group’s Financial Statements for the period ended

31 May 2023.

There are no post-Balance Sheet events which the Directors believe will negatively impact the going concern assessment.

1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information.

Business combinations

Business combinations are accounted for by applying the acquisition method at the acquisition date, which is the date on which

control is transferred to the Group. The Group controls an entity when the Group is exposed to, or has rights to, variable returns

from its involvement with the entity and has the ability to affect those returns through its power over the entity.

Acquisitions and disposals

The Group measures goodwill at the acquisition date as:

•

The fair value of the consideration transferred; plus

•

The recognised amount of any non-controlling interests in the acquiree; plus

•

If the business combination is achieved in stages, the fair value of the existing equity interest in the acquiree; less

•

The fair value of the identifiable assets acquired, and liabilities assumed.

When the excess is negative, a bargain purchase gain is recognised immediately in profit or loss. The consideration transferred does not

include amounts related to the settlement of pre-existing relationships. Such amounts generally are recognised in the Income Statement.

Costs related to the acquisition, other than those associated with the issue of debt or equity securities, are expensed as incurred.

Any deferred or contingent consideration payable is recognised at fair value at the acquisition date. If the contingent consideration

is classified as equity, it is not remeasured, and settlement is accounted for within equity. Otherwise, subsequent changes to the fair

value of contingent consideration are recognised in the Income Statement. On a transaction-by-transaction basis, the Group elects

to measure non-controlling interests either at their fair value or at their proportionate interest in the recognised amount of the

identifiable net assets of the acquiree at the acquisition date.

The results of subsidiaries acquired or disposed of during the year are included in the Consolidated Income Statement from

the effective date of acquisition or up to the effective date of disposal, as appropriate. In addition, comparatives are also restated

to reclassify disposed businesses or those that meet the criteria of IFRS 5 ‘Non-current Assets Held for Sale and Discontinued

Operations’, as a discontinued operation.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023162

Notes to the Financial Statements continued

at 31 May 2023

1 Accounting policies continued

Subsidiaries

Subsidiaries are entities controlled by the Group. The Financial Statements of subsidiaries are included in the consolidated Financial

Statements from the date that control commences until the date that control ceases. Control is achieved where the Company has the

power to govern the financial and operating policies of an investee entity so as to obtain benefits from its activities. Intercompany

transactions and balances between subsidiaries are eliminated on consolidation.

Intangible assets and goodwill

Goodwill represents amounts arising on acquisition of subsidiaries. In respect of business acquisitions that have occurred since

1 June 2004, goodwill represents the difference between the cost of the acquisition and the fair value of the net identifiable assets

acquired including identifiable intangible assets. Identifiable intangibles are those which can be sold separately, or which arise from

legal rights regardless of whether those rights are separable.

In respect of acquisitions prior to 1 June 2004, goodwill is included at its deemed cost, which represents the amount recorded under UK

GAAP at 31 May 2004, which was broadly comparable, save that only separable intangibles were recognised and goodwill was amortised.

Goodwill is stated at cost less any accumulated impairment losses. Goodwill is allocated to cash generating units and is not amortised

but is tested annually for impairment. In respect of equity accounted investees, the carrying amount of goodwill is included in the

carrying amount of the investment in the investee.

Research and development

Expenditure on research activities is recognised in the Income Statement as an expense as incurred. Expenditure on development

activities is capitalised as “development costs” if the product or process is technically and commercially feasible, if the Group has

the technical ability and sufficient resources to complete development, if future economic benefits are probable and if the Group

can measure reliably the expenditure attributable to the intangible asset during its development. Development activities involve

a plan or design for the production of new or substantially improved products or processes.

Software costs

The Group capitalises “software costs” in accordance with the criteria of IAS 38. Software costs comprise third party costs and

internal colleague time costs for internal system developments. Capitalised amounts are initially measured at cost and amortised on

a straight-line basis over the period for which the developed system is expected to be in use as a business platform. Software costs

incurred as part of a service agreement are only capitalised when it can be evidenced that the Group has control over the resources

defined in the arrangement.

The expenditure capitalised includes the cost of materials, direct labour, overhead costs that are directly attributable to preparing

the asset for its intended use and capitalised borrowing costs. Other development expenditure is recognised in the Income Statement

as an expense as incurred. Software costs are stated at cost less accumulated amortisation and less accumulated impairment losses.

When the Group incurs customisation and configuration costs, as part of a service agreement for Software-as-a-Service (SaaS),

Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS), judgement is applied in assessing whether the Group has control

over the resources defined in the arrangement. These costs are treated in accordance with the March 2019 IFRIC update with regard

to the Customer’s Right to Receive Access to the Supplier’s Software Hosted on the Cloud (IAS 38 ‘Intangible Assets’) and the IFRIC

interpretation ratified by the Interpretations Committee in April 2021 with regard to Configuration or Customisation Costs in a Cloud

Computing Arrangement, as follows:

•

In specific circumstances, development costs incurred may give rise to an identifiable asset, for example where code/intellectual

property hosted on third party cloud infrastructure is controlled by the Group and the cost of moving the asset to another provider

or bringing on-premise is not prohibitive.

•

Amounts paid to the cloud vendor or third party for configuration and customisation that are not distinct from access to the cloud

software are expensed over the contract term.

•

In all other instances, configuration and customisation costs will be expensed as the customisation and configuration services

are received, for example a cloud provider’s monthly subscription.

Intangible assets

Expenditure on internally generated goodwill is recognised in the Income Statement as an expense as incurred. Intangible assets

that are acquired by the Group are stated at cost less accumulated amortisation and less accumulated impairment losses.

Amortisation

Amortisation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of intangible assets

unless such lives are indefinite. Intangible assets with an indefinite useful life and goodwill are systematically tested for impairment at each

Balance Sheet date. Intangible assets are amortised from the date they are available for use. The estimated useful lives are as follows:

Acquired customer contracts and relationships – between three and twenty years

Software – between three and five years

Capitalised development costs – between three and five years

Financial instruments

Financial assets and financial liabilities, in respect of financial instruments, are recognised in the Group and Parent Balance Sheet

when the Group or Company becomes a party to the contractual provisions of the instrument.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 163

1 Accounting policies continued

Classification and measurement of financial assets and liabilities

Classification of financial assets is generally based on the business model in which the financial asset is managed and its contractual

cash flow characteristics. A financial asset is measured at amortised cost if it is held with the objective of collecting the contractual

cash flows and its contractual terms give rise on specified dates to cash flows that are solely payments of principal and interest on

the principal amount outstanding. All other financial assets are measured at fair value through other comprehensive income or the

Income Statement.

Financial assets at amortised cost

Trade and other receivables

Trade receivables and other receivables that have fixed or determinable payments that are not quoted in an active market are

classified as financial assets measured at amortised cost.

Under the IFRS 9 “expected credit loss” model, a credit event (or impairment “trigger”) no longer needs to occur before credit losses

are recognised.

The Group analyses the risk profile of trade receivables based on past experience and an analysis of the receivables’ current financial

position, potential for a default event to occur, adjusted for specific factors, general economic conditions of the industry in which the

receivables operate and assessment of both the current and the forecast direction of conditions at the reporting date. A default event

is considered to occur when information is obtained that indicates that a receivable is unlikely to be paid to the Group.

Credit risk is regularly reviewed by management to ensure the expected credit loss (ECL) model is being appropriately applied.

The Group has performed the calculation of ECL separately for each business unit.

Financial liabilities at amortised cost

Trade payables

Trade payables are other financial liabilities initially measured at fair value and subsequently measured at amortised cost.

Impairment of non‑financial assets

The carrying amounts of the Group’s non-financial assets, other than deferred tax assets, are reviewed at each reporting date

to determine whether there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is

estimated. For goodwill, and intangible assets that have indefinite useful lives or that are not yet available for use, the recoverable

amount is estimated each year at the same time.

The recoverable amount of an asset or cash generating unit is the greater of its value in use (VIU) and its fair value less costs to sell

(FVLCTS). FVLCTS has been used for all CGUs for the year ended 31 May 2023. The FVLCTS valuation has been calculated by

assessing the value of each standalone CGU calculated using an Adjusted EBITDA

multiple based on estimated sustainable earnings

adjusted for specific items where relevant. VIU has predominantly been used in the year ended 31 May 2022, the estimated future

cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time

value of money and the risks specific to the asset.

For the purpose of impairment testing, assets that cannot be tested individually are grouped together into the smallest group of

assets that generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups

of assets (the “cash generating unit”). The goodwill acquired in a business combination, for the purpose of impairment testing, is

allocated to cash generating units (CGUs). Subject to an operating segment ceiling test, for the purposes of goodwill impairment

testing, CGUs to which goodwill has been allocated are aggregated so that the level at which impairment is tested reflects the

lowest level at which goodwill is monitored for internal reporting purposes. Goodwill acquired in a business combination is allocated

to groups of CGUs that are expected to benefit from the synergies of the combination.

An impairment loss is recognised if the carrying amount of an asset or its CGU exceeds its estimated recoverable amount. Impairment

losses are recognised in the Income Statement. Impairment losses recognised in respect of CGUs are allocated first to reduce the

carrying amount of any goodwill allocated to the units, and then to reduce the carrying amounts of the other assets in the unit (group

of units) on a pro rata basis. An impairment loss in respect of goodwill is not reversed. In respect of other assets, impairment losses

recognised in prior periods are assessed at each reporting date for any indications that the loss has decreased or no longer exists.

An impairment loss is reversed if there has been a change in the estimates used to determine the recoverable amount. An impairment

loss is reversed only to the extent that the asset’s carrying amount does not exceed the carrying amount that would have been

determined, net of depreciation or amortisation, if no impairment loss had been recognised.

Subsequent expenditure

Subsequent expenditure is capitalised only when it increases the future economic benefits embodied in the specific asset to which

it relates. All other expenditure, including expenditure on internally generated goodwill, is recognised in the Income Statement as an

expense as incurred.

Consideration of climate risk impact

The impact of climate risk on the future cash flows has also been considered for scenarios analysed in line with the climate change

risk assessment. The climate change scenario analyses performed in 2023 – conducted in line with TCFD recommendations –

identified no material financial impact to the current year impairment assessments.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023164

Notes to the Financial Statements continued

at 31 May 2023

1 Accounting policies continued

Related party transactions

A related party is a person or entity that is related to the Group or Company. Related party transactions are the transfer of resources,

services or obligations between parties regardless of whether a price is charged. In these circumstances, the Group or Company will

disclose the nature of the related party relationship as well as information about the transactions and outstanding balances

necessary for an understanding of the potential effect of the relationship on the Financial Statements in accordance with IAS 24

‘Related Party Transactions’.

Details of related party transactions are set out in Note 32 to these Financial Statements.

Property, plant and equipment

Property, plant and equipment assets are carried at cost less accumulated depreciation and any recognised impairment in value.

To the extent that borrowing costs relate to the acquisition, construction or production of a qualifying asset, borrowing costs are

capitalised as part of the cost of that asset. Depreciation is charged to the Income Statement on a straight-line basis over the

estimated useful economic lives of each part of an item of plant and equipment as follows:

Computer equipment – between three and five years

Plant and equipment – between three and five years

Furniture – between three and five years

Fixtures and fittings – five years

Motor vehicles – four years

Property, plant and equipment is also tested for impairment whenever there is an indication of potential impairment.

Leases

At inception of a contract, the Group assesses whether a contract is, or contains, a lease. A contract is, or contains, a lease if the

contract conveys the right to control the use of an identified asset for a period of time in exchange for consideration. To assess

whether a contract conveys the right to control the use of an identified asset, the Group assesses whether:

•

The contract involves use of the identified asset; this may be specified explicitly or implicitly and should be physically distinct

or represent substantially all of the capacity or a physically distinct asset. If the supplier has a substantive substitution right, then

the asset is not identified

•

The Group has the right to obtain substantially all of the economic benefits from use of the asset and throughout the period of

use The Group has the right to direct the use of the asset. The Group has this right when it has the decision-making rights that

are≈most relevant to changing how and for what purpose the asset is used. In rare cases where all the decisions about how and

for≈what purpose the asset is used are predetermined, the Group has the right to direct the use of the asset if either:

•

The Group has the right to operate the asset

•

The Group designed the asset in a way that predetermines how and for what purpose it will be used

The Group recognises a right-of-use asset and a lease liability at the lease commencement date. The right-of-use asset is initially

measured at cost, which comprises the initial amount of the lease liability adjusted for any lease payments made at or before the

commencement date, and an estimate of costs to dismantle and remove the underlying asset or to restore the underlying asset or

the site on which it is located, less any lease incentives received.

The right-of-use asset is subsequently depreciated using the straight-line method from the commencement date to the earlier

of≈the end of the useful life of the right-of-use asset or the end of lease term. The estimated useful lives of right-of-use assets are

determined on the same basis as those of property, plant and equipment. In addition, the right-of-use asset is periodically reduced

by impairment losses, if any, and adjusted for certain remeasurements of the lease liability.

The lease liability is initially measured at the present value of the lease payments that are not paid at the commencement date, discounted

using the interest rate implicit in the lease or, if that rate cannot be readily determined, the Group’s incremental borrowing rate.

The lease liability is measured at amortised cost using the effective interest method. It is remeasured when there is a change in future

lease payments arising from a change in an index or rate, if there is a change in the Group’s estimate of the amount expected to be

payable, or if the Group changes its assessment of whether it will exercise a purchase, extension or termination option.

When the lease liability is remeasured in this way, a corresponding adjustment is made to the carrying amount of the right-of-use

asset or is recorded in the Income Statement if the carrying amount of the right-of-use asset has been reduced to zero. The Group

has elected not to recognise right-of-use assets and lease liabilities for short-term leases that have a lease term of 12 months or less

and leases of low value assets, including certain IT equipment. The Group recognises the lease payments associated with these

leases as an expense on a straight-line basis over the lease term.

Lease rental costs in respect of short-term leases (less than one year) and low value assets which are exempt from being accounted

for under IFRS 16 are charged to the Income Statement on a straight-line basis over the period of the lease.

Investments

Investments in subsidiaries are carried at cost less impairment. Investments in property and unlisted shares are carried at cost less

impairment, which is based on the fair value at acquisition.

Inventories

Inventories are valued at the lower of cost and new realisable value. Net realisable value is the estimated selling price in the ordinary

course of the business, less applicable variable selling expenses. Items in transit where the Group has control are included in inventories.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 165

1 Accounting policies continued

Revenue recognition

Summary

The Group provides independent global Cyber Security

and Software Resilience services.

The revenue streams in relation to Cyber Security

include:

•

Global Professional Services (GPS) – global Cyber Security

consultancy services

•

Global Managed Services (GMS) – operational cyber defence, incident response, scanning, simulation and managed security

operations centres (SOCs) including new Microsoft XDR (Sentinel) proposition

•

Product sales – sale of own manufactured and/or resale of third party products

The revenue streams in relation to Software Resilience include:

•

Escrow contract services – securely maintain in “escrow” the long-term availability of business critical software and applications

•

Verification services – verify source code, and provide a fully managed secure service and result validation

While the detailed recognition is contract specific, and set out in the table on pages 167 to 170, in most cases:

•

GPS revenues are recognised on an input method over time

•

GMS revenues are bifurcated according to the separate performance obligations (see pages 167 to 169)

•

Product sales are recognised when control passes, usually on delivery

•

Escrow contract revenues are recognised over time

•

Verification services are recognised on the completion of the verification service

Revenue is presented net of VAT and other sales related taxes.

Revenue is measured based on the consideration specified in a contract with a customer. The Group recognises revenue when

it transfers control over a good or service to a customer.

Due to the nature of the Group’s activities, the Group transaction price for the majority of its contracts is entirely variable consideration

as these contracts are on a time and material basis, using set contractual rates per hour/day worked, giving rise to no estimation or

reversal risk at period end. The Group does not have any material obligations in respect of returns, refunds or warranties. The impact

of any financing component within contracts with customers has been assessed and concluded to be immaterial.

On contract inception, the probability of collectability is assessed across the Group and, unless there is a significant change in facts

and circumstances, revenue is recognised. During the year, no instances have been identified where reassessment of the collectability

has had to be reassessed, nor have there been any new contracts with customers for which the collection of consideration has not

been assessed at inception as probable.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023166

Notes to the Financial Statements continued

at 31 May 2023

1 Accounting policies continued

Revenue recognition continued

Detailed policies

The following table provides information about the nature and timing of the satisfaction of performance obligations in contracts

with customers by reportable segments, including significant payment terms, and the related revenue recognition policies.

Revenue stream Nature

Timing of satisfaction of performance

obligations and significant payment terms

Revenue recognition policies, including determination

of transaction price and rationale

Global

Professional

Services

( G P S )

GPS is the Group’s core

consulting service

represented by consultants

providing Cyber Security

consultancy services

to a customer over time or

to a set deliverable.

Some contracts may contain

multiple services (e.g. Cyber

Security

assessment and

certified product evaluation

services). These will be

identified as separate

performance obligations,

and the transaction price

allocated to each of these is

determined by using the fixed

contract rate based upon day

rates, being the relative

standalone selling price basis.

Specifically, the contract

terms range from time and

materials (based upon

consultants’ time and

expenses) discrete

statements of work,

whereby the customer

benefits gradually over the

period over which the work

is performed, unless there is

a set deliverable (for example

a defined security

assessment report).

The customer simultaneously

receives the benefits of the

consulting services provided by

the Group over the period over

which the work is performed

and one promise (performance

obligation) is identified. Work

is performed on a daily basis.

Invoices are raised monthly or based

on an agreed invoicing profile with

the customer.

Invoices are usually payable

within 30 days.

No discounts or retrospective

rebates are provided.

Revenue is recognised on an input basis

to measure the satisfaction of performance

obligations over time. This is done according

to the number of days worked in comparison

to the total contracted number of days of the

performance obligation. The work performed

occurs on a daily basis (for example security

assessment of a customer’s security

environment).

It is considered that as the customer benefits

over time based on consultants’ time, the

input method faithfully depicts the Group’s

performance towards complete satisfaction

of the single performance obligation.

Transaction price is determined by fixed

contract rates based upon day rates and

number of days.

The Group in certain

situations operates on

agreed customer terms,

which allow the Group to

recover any abortive revenue

from its customer in the

event that a customer

terminates a contract

before the contract or

deliverable is complete.

The customer simultaneously

receives and consumes the benefits

of the consulting services provided

by the Group over the period over

which the work is performed by the

Group and one performance

obligation is identified.

Invoices in relation to the abortive

revenue will be recognised when

aborted. Invoices are usually payable

within 30 days.

Revenue is recognised on an input basis to

measure the satisfaction of performance

obligations over time. This is done according

to the number of days worked in comparison

to the total contracted number of days of the

performance obligation.

Transaction price is determined by fixed

contract rates based upon day rates and

number of consultancy days.

Global

Managed

Services

(GMS)

These services provide

operational cyber defence,

incident response, scanning,

simulation and managed

security operations centres

(SOCs). Services are typically

for an extended delivery

duration, with contract

lengths varying up to

a maximum of five years.

The customer will benefit from

the services over the period

of the contract.

However, the type of contract

will depend on how the customer

benefits from the software licence(s).

The amount of revenue recognised in relation

to software licence(s) depends on whether

the Group acts as an agent or as a principal.

The Group acts as principal when the Group

controls the specified software licence or

service prior to transfer (MSP model).

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 167

Revenue stream Nature

Timing of satisfaction of performance

obligations and significant payment terms

Revenue recognition policies, including determination

of transaction price and rationale

Global

Managed

Services

(GMS)

continued

The proposition will also

provide the customer with

software licence(s) to enable

these services to occur.

On this basis, the Group

operates two types

of contracts:

•

A Managed Service

Provider (MSP) model

whereby the customer is

supplied with one

complete integrated

service including the

software licence(s)

•

A reseller model whereby

the Group sources the

software licence(s) on

behalf of the customer and

provides the Managed

Detection and Response

services

These services will

also include set-up fees.

Set-up fees represent

workshops, design, and

configuration to create

a “connection”

between systems.

Following services going live,

the Group will also provide a

certain level of professional

service consultancy days

based on a day rate (post-go-

live fees).

Where an MSP model is selected by

the customer, the Group recognises

three performance obligations:

•

Set-up fees

•

Post-go-live fees

•

Combined monitoring cyber

and licence service

The MSP model is considered to be

under a principal arrangement

whereby the Group controls the

service prior to transfer.

Where a reseller model is selected by

the customer, the Group recognises

four performance obligations:

•

Sourced software licence(s)

•

Set-up fees

•

Post-go-live fees

•

Monitoring cyber service

The reseller model is considered to

be under an agency arrangement

whereby the customer receives the

benefit and control of the licence

on delivery.

Invoices are raised monthly or

based on an agreed invoicing

profile with the customer.

Invoices are usually payable within

30 days.

When the Group acts as a principal the

revenue recorded is the gross amount billed.

The transaction price is determined by a

contract price (cost plus mark-up). The

transaction price for the overall service is

outlined within the customer contract. In

certain scenarios, the contract will outline the

price for each performance obligation, which is

considered to be the standalone selling price of

the services/goods, and the transaction price is

allocated to each performance obligation on

this basis. Where the contract does not

stipulate the price per performance obligation,

management determines the relative

standalone selling price for each performance

obligation based on a market assessment

approach for the services provided in

comparison to market prices, and the contract

transaction price is allocated to

each performance obligation in proportion

to those standalone selling prices.

Under a reseller model, the Group’s

responsibility is to arrange for a third party to

provide a specified software licence(s) to the

customer. In these cases, the Group is acting as

an agent and the Group does not control the

relevant licence(s) before it is transferred to the

customer. In particular, the Group does not have

inventory risk, have access to its source code or

hold the IP rights.

When the Group is acting as an agent, the

revenue is recorded at the net amount retained

(commission) at a point in time as the customer

receives immediate benefit from access to the

licence and the Group does not have any further

obligations in relation to the provision of the

licence. The commission transaction value

represents the mark-up on the licence provided.

The majority of set-up fees relate to the reseller

model. Set-up fees are recognised over time of

the set-up. The set-up activities are completed

by a separate deployment team that typically

spans a period of 1-2 months. The set-up

activities do not customise the licence provided

by the third party but only allows a link between

the client’s infrastructure and the software

to allow monitoring services to be provided by

the Group one the set-up process is completed.

On this basis, the client can benefit from each

of the goods and services either on their own or

together with the other goods and services that

are readily available and the promise to transfer

the goods or service is distinct.

The set-up fees are based on day rates incurred

(defined by an in-house day rate sales pricing

matrix). Accordingly, the charge out rates are

recognised and allocated to these tasks when

performed akin to technical professional day

rate services. These rates are considered to be

the standalone selling prices and are not

discounted or reduced for other services.

1 Accounting policies continued

Revenue recognition continued

Detailed policies continued

NCC Group plc — Annual report and accounts for the year ended 31 May 2023168

Notes to the Financial Statements continued

at 31 May 2023

Revenue stream Nature

Timing of satisfaction of performance

obligations and significant payment terms

Revenue recognition policies, including determination

of transaction price and rationale

Global

Managed

Services

(GMS)

continued

Post-go-live fees are recognised on delivery of

consultancy services over time as the customer

obtains incremental benefit from the hours

provided. Revenue is recognised on an input

basis (day rates) to measure the satisfaction

of performance obligations over time.

Transaction price is determined by fixed

contract rates based upon day rates and

number of post-go-live consultancy days.

One performance obligation, being a

combined monitoring cyber and licence

service, is identified in relation to the MSP

model monitoring service. Revenue is

recognised over the contract length as the

software and monitoring process is an overall

service, whereby the Group retains control of

the licence and provides a complete monitoring

service to the customer. If the customer cancels

the contract, the Group will retain control of

the licence.

The customer benefits from a 24/7 monitoring

service whereby benefit is obtained daily and

therefore revenue is recognised on straight-line

basis as the performance obligation is satisfied

over time.

The transaction price is determined by fixed

contract rates for the combined services.

Revenue in relation to the reseller model

monitoring service is recognised over the

contract length on a straight-line basis as the

performance obligation is satisfied over time.

The customer benefits from a 24/7 monitoring

service whereby benefit is obtained daily on

straight-line basis.

Product sales

This revenue represents the

sale of own manufactured

and/or resale of third party

products with no connection

to other Group services.

The customer only benefits from the

products on delivery.

Invoices are raised monthly or based

on an agreed invoicing profile with

the customer.

Invoices are usually payable

within 30 days.

Revenue is recognised when control of the

product is transferred to the customer. This

occurs upon delivery under the contractual

terms.

On certain sales of third party products, the

control of the product is considered to pass

from the vendor to the end customer and in

these cases the Group acts as an agent, and

hence only records a commission on sale as

opposed to gross revenue and costs of sale.

Long-term

fixed price

contracts

This revenue represents the

long-term development and/

or manufacture of

specialised software

and hardware solutions.

Delivery of the product is

considered to represent one

performance obligation.

The development and/or

manufacturing work carried out by

the Group is not considered to create

an asset with an alternative use to the

entity. The Group is entitled to

payment as performance of the

contract is completed. On this basis,

revenue is recognised over time.

Invoices are raised based on

achievements of pre-defined

milestones in the contract.

Invoices are usually payable

within 30 days.

Revenue is recognised on an input basis to

measure the satisfaction of the performance

obligation over time. This is done according to

total costs incurred in comparison to the total

expected costs to be incurred to satisfy the

performance obligation. This input measure

is driven by the nature of the activities carried

out in satisfying the performance obligation.

The transaction price is fixed within the terms

of the contractual arrangement.

1 Accounting policies continued

Revenue recognition continued

Detailed policies continued

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 169

Revenue stream Nature

Timing of satisfaction of performance

obligations and significant payment terms

Revenue recognition policies, including determination

of transaction price and rationale

Software Resilience

Escrow

contract

services

These services securely

maintain in “escrow” the

long-term availability of

business critical software

and applications while

protecting the intellectual

property rights (IPR) of

technology partners.

The service will include

set-up time, which is

administrative in nature.

The customer benefits from the

escrow service evenly over a

contract period, usually at least

a year and potentially up to

three years.

The service represents one

performance obligation.

Invoices are raised based on

an agreed invoicing profile with

the customer.

Invoices are usually payable

within 30 days.

Revenue is recognised over time on a straight-

line basis representing the service delivery

agreement. The nature of the agreement gives

rise to the customer having the benefit of

Software Resilience if and when required over

the contract period. Revenue is recognised

on a straight-line basis as the pattern of benefit

to the customer as well as the Group’s efforts to

fulfil the contract are generally even throughout

the period.

The transaction price is determined

by a contract price.

Set-up time is not considered distinct and

a separate performance obligation due to

the administrative nature and therefore is

recognised over the period of the contract.

Verification

services

These services verify source

code based upon an agreed

scope between all parties

and provide a fully managed

secure service and result

validation, typically delivered

over a short period of time

(days).

These include SaaS services

and ICANN services.

The customer benefits from the

verification service on completion

because the source code will only

have been fully verified/validated at

that point.

The service represents one

performance obligation.

Invoices are raised monthly or based

on an agreed invoicing profile with

the customer.

Invoices are usually payable

within 30 days.

Revenue is recognised on completion of

the verification services.

Transaction price is determined by fixed

contract rates based upon day rates and

number of verification days.

Contract costs

Contract costs comprise incremental sales commissions paid to sales agents or external third parties, which can be directly attributed

to an acquired or retained contract. Capitalised commission costs are amortised on a systematic basis that is consistent with the

transfer to the customer of the services when the related revenues are recognised. In all other cases, all internal and external costs

of obtaining the contract are recognised as incurred.

Costs directly incurred in fulfilling a contract with a customer, which comprise labour hours on long-term contracts, are recognised

as an asset to the extent they are recoverable. Such costs are amortised on a systematic basis that is consistent with the transfer

to the customer of the services when the related revenues are recognised.

Accrued income (contract asset)

Accrued income represents the Group’s rights to consideration for work completed but not billed at the reporting date. Remaining

balances are transferred to receivables when the rights become unconditional.

Deferred revenue (contract liability)

Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time.

Long‑term loss‑making contracts

Long-term contracts are reviewed annually to establish if the contract is onerous in nature. In particular, the long-term contract

becomes an onerous contract when the unavoidable costs (i.e. the lower of the cost of fulfilling the contract and any compensation

or penalties arising from failure to fulfil it) exceed the economic benefits expected to be received under the contract. The assessment

of cost to fulfil includes costs that relate directly to the contract and includes direct costs of production, direct costs of supplies/

hardware from external suppliers (materials), direct labour in relation to performance obligations and if appropriate any potential

contractual fine dependent on items (performance obligations) not being delivered/performed. Any assets dedicated to the specific

contract are also tested for potential impairment.

1 Accounting policies continued

Revenue recognition continued

Detailed policies continued

NCC Group plc — Annual report and accounts for the year ended 31 May 2023170

Notes to the Financial Statements continued

at 31 May 2023

1 Accounting policies continued

Determination and presentation of operating segments

The Group determines and presents operating segments based on the information that is provided to the Board, which acts as the

Group’s chief operating decision maker (CODM) in order to assess performance and to allocate resources. An operating segment

is a component of the Group that engages in business activities from which it may earn revenues and incur expenses, including

revenues and expenses that relate to transactions with any of the Group’s other components. An operating segment’s results are

reviewed regularly by the CODM to make decisions about resources to be allocated to the segment and to assess its performance.

The Group reports its business in two key segments: the Cyber Security

division and the Software Resilience division. The two

reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide a

homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they are

reported to the CODM. Operating segments are aggregated into the two reportable segments based on the types and delivery

methods of services they provide, common management structures, and their relatively homogeneous commercial and strategic

market environments. Both of the Group’s divisions (segments) are run by a senior executive team; those teams make all decisions

on resource allocation, product development, marketing and areas for focus and investment.

Allocation of central costs

Some costs are collected and managed in one location but are actually incurred on behalf of multiple operating segments or reporting

segments. These costs are then allocated to the reporting segments. The allocation is based on logical or activity driven cost

algorithms. The allocation is necessary to give an accurate picture of the consumption of resources by each reporting segment.

Individually Significant Items (ISI)

Individually Significant Items are identified as those items or projects that based on their size and nature and/or incidence are assessed

to warrant separate disclosure to provide supplementary information to support the understanding of the Group’s financial performance.

Where a project spans a reporting period(s) the total project size and nature are considered in totality. ISI’s typically comprise costs/

profits/losses on material acquisitions/disposals/business exits, fundamental reorganisation/restructuring programmes and other

significant one-off events. ISI’s are considered to require separate presentation in the notes to the Financial Statements in order

to fairly present the financial performance of the Group.

During the year ended 31 May 2023, the Group commenced a fundamental reorganisation/restructuring programme that will span future

reporting periods. In particular, it is expected that material costs will be incurred for the years ending 31 May 2024 and 2025 and the

Group will have to exercise judgement in assessing whether the restructuring items should be classified as individual significant items,

this will involve taking into account the nature of the item, cause of occurrence scale of the impact of those items on the reported

performance and after considering the original reorganisation programme principles and plans.

Foreign currencies

Transactions in foreign currencies are recorded using the appropriate monthly exchange rate ruling at the date of the transaction.

Monetary assets and liabilities denominated in foreign currencies are retranslated using the exchange rate ruling at the Balance

Sheet date and the gains or losses on translation are included in the Income Statement.

The assets and liabilities of overseas subsidiaries denominated in foreign currencies are retranslated at the exchange rate ruling at

the Balance Sheet date. The income statements of overseas subsidiary undertakings are translated at the average exchange rates

for the financial year. Gains and losses arising on the retranslation of overseas subsidiary undertakings are taken to the currency

translation reserve. They are released to the Income Statement upon disposal of the subsidiary to which they relate.

Foreign currency differences arising from the translation of qualifying cash flow hedges are recognised in OCI to the extent that

the hedges are effective.

Derivative financial instruments and hedge accounting

The Group holds derivative financial instruments to hedge its foreign currency risk exposures. Derivatives are initially measured at fair

value. Subsequent to initial recognition, derivatives are measured at fair value, and changes therein are generally recognised in profit

or loss. The Group designates certain derivatives as hedging instruments to hedge the variability in cash flows associated with highly

probable forecast transactions arising from changes in foreign exchange rates. At inception of designated hedging relationships, the

Group documents the risk management objective and strategy for undertaking the hedge. The Group also documents the economic

relationship between the hedged item and the hedging instrument, including whether the changes in cash flows of the hedged item

and hedging instrument are expected to offset each other.

Cash flow hedges

When a derivative is designated as a cash flow hedging instrument, the effective portion of changes in the fair value of the derivative

is recognised in OCI and accumulated in the hedging reserve. The effective portion of changes in the fair value of the derivative that

is recognised in OCI is limited to the cumulative change in fair value of the hedged item, determined on a present value basis, from

inception of the hedge. Any ineffective portion of changes in the fair value of the derivative is recognised immediately in profit or loss.

The Group designates only the change in fair value of the spot element of forward exchange contracts as the hedging instrument

in cash flow hedging relationships. The change in fair value of the forward element of forward exchange contracts (forward points)

is separately accounted for as a cost of hedging and recognised in a costs of hedging reserve within equity.

When the hedged forecast transaction subsequently results in the recognition of a non-financial item, the amount accumulated in the

hedging reserve and the cost of hedging reserve is included directly in the initial cost of the non-financial item when it is recognised.

For all other hedged forecast transactions, the amount accumulated in the hedging reserve and the cost of hedging reserve is

reclassified to profit or loss in the same period or periods during which the hedged expected future cash flows affect profit or loss.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 171

1 Accounting policies continued

Cash flow hedges continued

If the hedge no longer meets the criteria for hedge accounting or the hedging instrument is sold, expires, is terminated or is exercised,

then hedge accounting is discontinued prospectively. When hedge accounting for cash flow hedges is discontinued, the amount that

has been accumulated in the hedging reserve remains in equity until, for a hedge of a transaction resulting in the recognition of a

non-financial item, it is included in the non-financial item’s cost on its initial recognition or, for other cash flow hedges, it is reclassified

to profit or loss in the same period or periods as the hedged expected future cash flows affect profit or loss. If the hedged future cash

flows are no longer expected to occur, then the amounts that have been accumulated in the hedging reserve and the cost of hedging

reserve are immediately reclassified to profit or loss.

Colleague benefits – defined contribution pensions

The Group operates a defined contribution pension scheme. The assets of the scheme are kept separate from those of the Group

in an independently administered fund. The amount charged as an expense in the Income Statement represents the contributions

payable to the scheme in respect of the accounting period.

Short‑term benefits

Short-term colleague benefit obligations are measured on an undiscounted basis and are expensed as the related service is provided.

A liability is recognised for the amount expected to be paid under short-term cash bonus or profit-sharing plans if the Group has

a present legal or constructive obligation to pay this amount as a result of past service provided by the colleague and the obligation

can be estimated reliably.

Share‑based payment transactions

Share-based payments in which the Group receives goods or services as consideration for its own equity instruments are accounted

for as equity settled share-based payment transactions, regardless of how the equity instruments are obtained by the Group.

The grant date fair value of share-based payment awards granted to colleagues is recognised as a colleague expense, with

a corresponding increase in equity, over the period that the colleagues become unconditionally entitled to the awards. The fair value

of the options granted is measured using an option valuation model, taking into account the terms and conditions upon which the

options were granted.

The amount recognised as an expense is adjusted to reflect the actual number of awards for which the related service and non-

market vesting conditions are expected to be met, such that the amount ultimately recognised as an expense is based on the number

of awards that do meet the related service and non-market performance conditions at the vesting date. For share-based payment

awards with non-vesting conditions, the grant date fair value of the share-based payment is measured to reflect such conditions

and there is no true-up for differences between expected and actual outcomes.

Share-based payment transactions in which the Group receives goods or services by incurring a liability to transfer cash or other

assets that is based on the price of the Group’s equity instruments are accounted for as cash settled share-based payments. The fair

value of the amount payable to colleagues is recognised as an expense, with a corresponding increase in liabilities, over the period

in which the colleagues become unconditionally entitled to payment. The liability is remeasured at each Balance Sheet date and at

settlement date. Any changes in the fair value of the liability are recognised as personnel expense within the Income Statement.

Where the Company grants options over its own shares to the colleagues of a subsidiary it recognises in its individual Financial

Statements, an increase in the cost of investment in that subsidiary equivalent to the equity settled share-based payment charge

is recognised in respect of that subsidiary in its consolidated Financial Statements with the corresponding credit being recognised

directly in equity.

Holiday or vacation pay

The Group recognises a liability in the Balance Sheet for any earned but not yet taken holiday entitlement for staff. Earned holiday

is calculated on a straight-line basis over a holiday year, which can vary by business unit. Taken holiday is based on actually taken

holiday. Any movement in the liability between the opening and closing balance in the year is recorded as a colleague cost or

a reduction in colleague costs in the Income Statement in the year.

Borrowings

Borrowings are recognised initially at fair value less attributable transaction costs. Subsequent to initial recognition, borrowings

are stated at amortised cost with any difference between cost and redemption value being recognised in the Income Statement

over the period of the borrowings on an effective interest basis.

Finance costs

Finance costs are recognised within the Income Statement in the year in which they are incurred.

Provisions

Provisions are determined by discounting the expected future cash flows at a pre-tax rate that reflects current market assessments

of the time value of money and the risks specific to the liability. The unwinding of the discount is recognised as finance cost.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023172

Notes to the Financial Statements continued

at 31 May 2023

1 Accounting policies continued

Taxation

Taxation on the profit or loss for the year comprises current and deferred taxation. Taxation is recognised in the Income

Statement except to the extent that it relates to items recognised directly in equity, in which case it is recognised in equity.

Current tax is the expected tax payable or receivable on the taxable income or loss for the year, using tax rates enacted or

substantively enacted at the Balance Sheet date, and any adjustment to tax payable in respect of previous years.

Deferred tax is provided on temporary differences between the carrying amounts of assets and liabilities for financial reporting

purposes and the amounts used for taxation purposes. The following temporary differences are not provided for: the initial

recognition of goodwill; the initial recognition of assets or liabilities that affect neither accounting nor taxable profit other than

in a business combination; and differences relating to investments in subsidiaries to the extent that they will probably not reverse

in the foreseeable future. The amount of deferred tax provided is based on the expected manner of realisation or settlement of the

carrying amount of assets and liabilities, using tax rates enacted or substantively enacted at the Balance Sheet date. A deferred tax

asset is recognised only to the extent that it is probable that future taxable profits will be available against which the temporary

difference can be utilised.

UK RDEC tax credits are recognised for the UK tax jurisdiction within administrative expenses and R&D US tax credits within income

tax for the US tax jurisdiction.

Intra‑group financial instruments

Where the Company enters into financial guarantee contracts to guarantee the indebtedness of other companies within the Group,

the Company considers these to be insurance arrangements and accounts for them as such. In this respect the Company treats the

guarantee contract as a contingent liability until such time as it becomes probable that the Company will be required to make a

payment under the guarantee.

Cash and cash equivalents

Cash and cash equivalents comprise cash in hand and deposits repayable on demand. Bank overdrafts that are repayable on demand

form part of the Group’s cash management and are included as a component of cash and cash equivalents for the purpose only of the

Statement of Cash Flows.

Treasury shares

NCC Group plc shares held by the Group are deducted from equity as “treasury shares” and are recognised at cost. Consideration

received for the sale of such shares is also recognised in equity, with any difference between the proceeds from sale and the original

cost being taken to reserves. No gain or loss is recognised in the Income Statement on the purchase, sale, issue or cancellation of

equity shares.

2 Critical accounting judgements and key sources of estimation uncertainty

The preparation of Financial Statements requires management to exercise judgement in applying the Group’s accounting policies. Different

judgements would have the potential to change the reported outcome of an accounting transaction or Statement of Financial Position.

It also requires the use of estimates that affect the reported amounts of assets, liabilities, income and expenses. Actual results may differ

from these estimates. Estimates and underlying assumptions are reviewed on an ongoing basis, with changes recognised in the period in

which the estimates are revised and in any future periods affected. The table below shows those areas of critical accounting judgements

and estimates that the Directors consider material and that could reasonably change significantly in the next year.

Accounting area

Accounting

judgement?

Accounting

estimate?

Impairment of goodwill No Yes

Valuation of separately identifiable intangible assets (prior year) No Yes

2.1 Critical accounting judgements

No critical accounting judgements have been made in applying accounting policies that have the most significant effects

on the amounts recognised in the consolidated Financial Statements.

2.2 Key sources of estimation uncertainty

Information about estimation uncertainties that have a significant risk of resulting in a material adjustment to the carrying values

of assets and liabilities within the next financial year is addressed below.

While every effort is made to ensure that such estimates and assumptions are reasonable, by their nature they are uncertain, and as

such changes in estimates and assumptions may have a material impact. Estimates and assumptions used in the preparation of the

Financial Statements are continually reviewed and revised as necessary at each reporting date.

The Directors have considered the impact of climate change on the following estimation uncertainties. Due to nature of the climate

change impact on the Group, no material impact has been identified.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 173

2 Critical accounting judgements and key sources of estimation uncertainty continued

2.2 Key sources of estimation uncertainty continued

Impairment of goodwill

The Group has significant balances relating to goodwill at 31 May 2023 as a result of acquisitions of businesses in previous years. The

carrying value of goodwill at 31 May 2023 is £255.8m (2022: £266.1m). Goodwill balances are tested annually for impairment. The

Group allocated goodwill to cash-generating units (CGUs) which represent the lowest level of asset groupings that generate

separately identifiable cash inflows that are not dependent on other CGUs.

For the year ended 31 May 2023, tests for impairment are based on the calculation of a fair value less costs to sell (FVLCTS) which

has been used to establish the recoverable amount of the CGU. The FVLCTS valuation has been calculated by assessing the value of

each standalone CGU calculated using an Adjusted EBITDA

multiple based on estimated sustainable earnings adjusted for specific

items where relevant. Estimated sustainable earnings has been determined taking into account past experience and includes

expectations based on a market participant view of sustainable performance of the business based on market volatility and

uncertainty as at 31 May 2023.

The sustainable earnings figures used in this calculation include key assumptions regarding sustainable revenues and costs for the

business. If the assumptions and estimates used in this valuation prove to be incorrect, the carrying value of goodwill may be overstated.

The two CGUs which are most sensitive to reasonably possible changes in sustainable earnings are US Cyber Security

and Europe

Cyber Security

. A description of such estimates and reasonably possible sensitivities is provided in note 12.

Valuation of separately identifiable intangible assets (prior year)

In the prior year, as part of the acquisition of the IPM business the Group has acquired an intangible asset relating to the customer

relationships acquired with a fair value of £91.4m. The valuation approach taken is an income approach, specifically the multi-period

excess earnings method (MEEM). As part of this valuation exercise certain key sources of estimation uncertainty were identified in

the prior year that did have a significant risk of resulting in a material adjustment to the carrying amounts of assets and liabilities

in the next current year. A description of such estimates and reasonably possible sensitivities is provided in Note 35.

3 Alternative Performance Measures (APMs) and adjusting items

The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined

terms under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not

intended to be a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the

current year results and comparative periods where provided.

This presentation is also consistent with the way that financial performance is measured by management and reported to the Board,

and the basis of financial measures for senior management’s compensation schemes, and provides supplementary information that

assists the user in understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure

that the Annual Report and Accounts gives a fair, balanced and understandable view of the Group’s performance, cash flows and

financial position. IAS 1 ‘Presentation of Financial Statements’ requires the separate presentation of items that are material in nature

or scale in order to allow the user of the accounts to understand underlying business performance.

We believe these APMs provide readers with important additional information on our business and this information is relevant for use

by investors, securities analysts and other interested parties as supplemental measures of future potential performance. However, since

statutory measures can differ significantly from the APMs and may be assessed differently by the reader we encourage you to consider

these figures together with statutory reporting measures noted. Specifically, we would note that APMs may not be comparable across

different companies and that certain profit related APMs may exclude recurring business transactions (e.g. acquisition related costs

and certain share-based payment charges) that impact financial performance and cash flows.

As the Group manages internally its performance at an Adjusted operating profit level (before Individually Significant Items, amortisation

of acquired intangibles and share-based payments), which management believes represents the underlying trading of the business.

This information is still disclosed as an APM within this Annual Report. This APM is reconciled to statutory operating profit, together with

the consequently Adjusted basic EPS (before amortisation of acquisition intangibles, share-based payments and Individually Significant

Items and tax effect thereon) to statutory basic EPS.

The Group has the following APMs/non-statutory measures:

APM

Closest equivalent

IFRS measure

Adjustments to reconcile

to IFRS measure

Note reference

for reconciliation

Definition, purpose and considerations

made by the Directors

Income Statement measures:

Constant

currency revenue

growth rates

Revenue growth

rates at actual

rates of currency

exchange

Retranslation of

comparative numbers at

current year exchange

rates to provide

constant currency

3 The Group also reports certain geographic

regions on a constant currency basis to reflect

the underlying performance taking into account

constant foreign exchange rates year on year.

This involves translating comparative numbers

to current year rates for comparability to enable

a growth factor to be calculated.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023174

Notes to the Financial Statements continued

at 31 May 2023

APM

Closest equivalent

IFRS measure

Adjustments to reconcile

to IFRS measure

Note reference

for reconciliation

Definition, purpose and considerations

made by the Directors

Income Statement measures: continued

Adjusted

operating profit

Operating profit

or loss

Operating profit or loss

before amortisation of

acquired intangibles,

share-based payments

and Individually

Significant Items

3 Represents operating profit before amortisation of

acquired intangibles, share-based payments and

Individually Significant Items.

This measure is to allow the user to understand

the Group’s underlying financial performance as

measured by management, reported to the Board

and used as a financial measure in senior

management’s compensation schemes.

The Directors consider amortisation of acquired

intangibles is a non-cash accounting charge

inherently linked to losses associated with

historical acquisitions of businesses.

The Directors consider share-based payments to

be an adjusting item on the basis that fair values

are volatile due to movements in share price,

which may not be reflective of the underlying

performance of the Group.

Individually Significant Items are items that are

considered unusual by nature or scale and are

of such significance that separate disclosure is

relevant to understanding the Group’s financial

performance and therefore requires separate

presentation in the Financial Statements in order

to fairly present the financial performance of

the Group.

Adjusted earnings

before interest, tax,

depreciation and

amortisation

(“Adjusted EBITDA”)

Operating profit

or loss

Operating profit or loss,

before adjusting items,

depreciation and

amortisation, finance

costs and taxation

3 Represents operating profit before adjusting items,

depreciation and amortisation to assist in the

understanding of the Group’s performance.

Adjusted EBITDA is disclosed as this is a measure

widely used by various stakeholders and used by

the Group to measure the cash conversion ratio.

Adjusted basic EPS

Statutory basic

EPS

Statutory basic EPS

before amortisation

of acquired intangibles,

share-based payments,

Individually Significant

Items and the tax

effect thereon

11 Represents basic EPS before amortisation of

acquired intangibles, share-based payments

and Individually Significant Items.

This measure is to allow the user to understand

the Group’s underlying financial performance as

measured by management, reported to the Board

and used as a financial measure in senior

management’s compensation schemes.

See further details above in relation to

amortisation of acquired intangibles and share-

based payments.

Balance Sheet measures:

Net debt excluding

lease liabilities

Total borrowings

(excluding lease

liabilities) offset

by cash and cash

equivalents

3 Represents total borrowings (excluding lease

liabilities) offset by cash and cash equivalents.

It is a useful measure of the progress in generating

cash, strengthening of the Group Balance Sheet

position, overall net indebtedness and gearing on

a like-for-like basis.

Net cash/(debt), when compared to available

borrowing facilities, also gives an indication of

available financial resources to fund potential

future business investment decisions and/or

potential acquisitions.

3 Alternative Performance Measures (APMs) and adjusting items continued

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 175

APM

Closest equivalent

IFRS measure

Adjustments to reconcile

to IFRS measure

Note reference

for reconciliation

Definition, purpose and considerations

made by the Directors

Balance Sheet measures: continued

Net debt

Total borrowings

(including lease

liabilities) offset

by cash and cash

equivalents

3 Represents total borrowings (including lease

liabilities) offset by cash and cash equivalents.

It is a useful measure of the progress in generating

cash, strengthening of the Group Balance Sheet

position, overall net indebtedness and gearing

including lease liabilities.

Net cash/(debt), when compared to available

borrowing facilities, also gives an indication of

available financial resources to fund potential

future business investment decisions and/or

potential acquisitions.

Cash flow measure:

Cash conversion

ratio

Ratio % of net

cash flow from

operating

activities before

interest and tax

divided by

operating profit

Ratio % of net cash

flow from operating

activities before

interest and tax divided

by EBITDA

3 The cash conversion ratio is a measure of how

effectively operating profit is converted into cash

and effectively highlights both non-cash

accounting items within operating profit and

also movements in working capital.

It is calculated as net cash flow from operating

activities before interest and taxation (as disclosed

on the face of the Cash Flow Statement) divided by

EBITDA for continuing activities.

The cash conversion ratio is a measure widely used

by various stakeholders and hence is disclosed to

show the quality of cash generation and also to allow

comparison to other similar companies.

The above APMs are consistent with those reported for the year ended 31 May 2022, except for the removal of the Group revenue and

Software Resilience revenue excluding IPM acquisition, which have been removed now that the Group has comparable data following

the acquisition in June 2021.

Adjusted EBITDA and Adjusted operating profit

The calculation of Adjusted EBITDA and Adjusted operating profit from continuing operations is set out below:

2023

£m

2022

£m

Operating profit 1.9 34.7

Depreciation of property, plant and equipment 4.5 3.9

Depreciation of right-of-use assets 5.7 5.4

Amortisation of customer contracts and relationships (acquired intangibles) 10.0 8.6

Amortisation of software and development costs 2.4 1.8

Individually Significant Items (Note 5) 14.7 0.9

Share-based payments charge (Note 26) 2.2 3.9

Adjusted EBITDA 41.4 59.2

Depreciation and amortisation (excluding amortisation charged on acquired intangibles) (12.6) (11.1)

Adjusted operating profit 28.8 48.1

3 Alternative Performance Measures (APMs) and adjusting items continued

NCC Group plc — Annual report and accounts for the year ended 31 May 2023176

Notes to the Financial Statements continued

at 31 May 2023

3 Alternative Performance Measures (APMs) and adjusting items continued

Net debt excluding lease liabilities and net debt

The calculation of net debt excluding lease liabilities and net debt is set out below:

2023

£m

2022

£m

Cash and cash equivalents (Note 24) 34.1 73.2

Bank overdraft (Note 24) (1.8) —

Borrowings (Note 24) (81.9) (125.6)

Net debt excluding lease liabilities (49.6) (52.4)

Lease liabilities (30.0) (32.6)

Net debt (79.6) (85.0)

Cash conversion ratio

The calculation of the cash conversion ratio is set out below:

2023

£m

2022

£m

Cash generated from operating activities before interest and taxation (A) 42.6 60.3

Adjusted EBITDA (B) 41.4 59.2

Cash conversion ratio (%) (A)/(B) 102.9% 101.9%

Constant currency revenue

The following tables show how constant currency revenue growth has been calculated and reconciled to statutory actual rate growth.

Group

Revenue:

Revenue

2023

£m

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

Total revenue 335.1 314.8 6.4% 335.1 330.3 1.5%

Unaudited proforma total revenue

Following the acquisition of IPM in the prior period, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m

respectively. Management was required to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the

level of deferred revenue acquired of £12.1m. This had resulted in a downward adjustment to the book value of IPM’s deferred revenues

reflecting the fair value of service still to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher for

the 12 months ended 31 May 2022.

On this basis, management has set out below unaudited proforma information to show the consequential impact on the Group results

for the year ended 31 May 2023. Unaudited proforma total revenue is not a statutory measure.

Revenue

2023

£m

Revenue

2022 *

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

Total revenue 335.1 314.8 6.4% 335.1 330.3 1.5%

Software Resilience revenue adjustment — 4.4 n/a — 4.8 n/a

Unaudited proforma total revenue 335.1 319.2 5.0% 335.1 335.1 —

* 2022 revenue is not a statutory measure and includes the Software Resilience revenue adjustment.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 177

3 Alternative Performance Measures (APMs) and adjusting items continued

Constant currency revenue continued

Cyber Security

revenue analysis – by originating country:

Revenue

2023

£m

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

UK and APAC 118.4 114.6 3.3% 118.4 115.0 3.0%

North America 99.3 94.1 5.5% 99.3 104.4 (4.9%)

Europe 53.1 49.8 6.6% 53.1 51.1 3.9%

Total Cyber Security

revenue 270.8 258.5 4.8% 270.8 270.5 0.1%

Revenue

H1 2023

£m

Revenue

H1 2022

£m

change at

actual rates

Revenue

H1 2023

£m

Constant

currency

revenue

H1 2022

£m

change at

constant

currency

UK and APAC 61.6 54.6 12.8% 61.6 55.0 12.0%

North America 59.2 44.0 34.5% 59.2 51.0 16.1%

Europe 24.2 24.6 (1.6%) 24.2 24.9 (2.8%)

Total Cyber Security

revenue 145.0 123.2 17.7% 145.0 130.9 10.8%

Revenue

H2 2023

£m

Revenue

H2 2022

£m

change at

actual rates

Revenue

H2 2023

£m

Constant

currency

revenue

H2 2022

£m

change at

constant

currency

UK and APAC 56.8 60.0 (5.3%) 56.8 60.0 (5.3%)

North America 40.1 50.1 (20.0%) 40.1 53.4 (24.9%)

Europe 28.9 25.2 14.7% 28.9 26.2 10.3%

Total Cyber Security

revenue 125.8 135.3 (7.0%) 125.8 139.6 (9.9%)

Cyber Security

revenue analysed by type of service/product line:

Revenue

2023

£m

Restated *

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Restated *

Constant

currency

revenue

2022

£m

change at

constant

currency

Global Professional Services (GPS) 199.3 195.4 2.0% 199.3 205.6 (3.1%)

Global Managed Services (GMS) 67.8 58.6 15.7% 67.8 60.3 12.4%

Product sales (own and third party) 3.7 4.5 (17.8%) 3.7 4.6 (19.6%)

Total Cyber Security

revenue 270.8 258.5 4.8% 270.8 270.5 0.1%

* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £6.4m has been represented within GPS

rather than product sales.

Revenue

H1 2023

£m

Revenue

H1 2022

£m

change at

actual rates

Revenue

H1 2023

£m

Constant

currency

revenue

H1 2022

£m

change at

constant

currency

Global Professional Services (GPS) 111.1 93.6 18.7% 111.1 100.6 10.4%

Global Managed Services (GMS) 32.2 28.4 13.4% 32.2 29.1 10.7%

Product sales (own and third party) 1.7 1.2 41.7% 1.7 1.2 41.7%

Total Cyber Security

revenue 145.0 123.2 17.7% 145.0 130.9 10.8%

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023178

Notes to the Financial Statements continued

at 31 May 2023

3 Alternative Performance Measures (APMs) and adjusting items continued

Constant currency revenue continued

Cyber Security

continued

Revenue

H2 2023

£m

Revenue

H2 2022

£m

change at

actual rates

Revenue

H2 2023

£m

Constant

currency

revenue

H2 2022

£m

change at

constant

currency

Global Professional Services (GPS) 88.2 101.8 (13.4%) 88.2 105.0 (16.0%)

Global Managed Services (GMS) 35.6 30.2 17.9% 35.6 31.2 14.1%

Product sales (own and third party) 2.0 3.3 (39.4%) 2.0 3.4 (41.2%)

Total Cyber Security

revenue 125.8 135.3 (7.0%) 125.8 139.6 (9.9%)

Software Resilience

Software Resilience revenue analysis – by originating country:

Revenue

2023

£m

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

UK 25.8 25.4 1.6% 25.8 25.4 1.6%

North America 34.5 26.8 28.7% 34.5 30.2 14.2%

Europe 4.0 4.1 (2.4%) 4.0 4.2 (4.8%)

Total Software Resilience revenue 64.3 56.3 14.2% 64.3 59.8 7.5%

Revenue

H1 2023

£m

Revenue

H1 2022

£m

change at

actual rates

Revenue

H1 2023

£m

Constant

currency

revenue

H1 2022

£m

change at

constant

currency

UK 12.3 12.6 (2.4%) 12.3 12.7 (3.1%)

North America 17.3 12.3 40.7% 17.3 14.7 17.7%

Europe 2.0 2.0 — 2.0 2.0 —

Total Software Resilience revenue 31.6 26.9 17.5% 31.6 29.4 7.5%

Revenue

H2 2023

£m

Revenue

H2 2022

£m

change at

actual rates

Revenue

H2 2023

£m

Constant

currency

revenue

H2 2022

£m

change at

constant

currency

UK 13.5 12.8 5.5% 13.5 12.7 6.3%

North America 17.2 14.5 18.6% 17.2 15.5 11.0%

Europe 2.0 2.1 (4.8%) 2.0 2.2 (9.1%)

Total Software Resilience revenue 32.7 29.4 11.2% 32.7 30.4 7.6%

Software Resilience revenues analysed by service line:

Revenue

2023

£m

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

Software Resilience contracts 42.8 38.1 12.3% 42.8 40.4 5.9%

Verification services 21.5 18.2 18.1% 21.5 19.4 10.8%

Total Software Resilience revenue 64.3 56.3 14.2% 64.3 59.8 7.5%

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 179

3 Alternative Performance Measures (APMs) and adjusting items continued

Constant currency revenue continued

Software Resilience continued

Revenue

H1 2023

£m

Revenue

H1 2022

£m

change at

actual rates

Revenue

H1 2023

£m

Constant

currency

revenue

H1 2022

£m

change at

constant

currency

Software Resilience contracts 21.3 18.7 13.9% 21.3 20.6 3.4%

Verification services 10.3 8.2 25.6% 10.3 8.8 17.0%

Total Software Resilience revenue 31.6 26.9 17.5% 31.6 29.4 7.5%

Revenue

H2 2023

£m

Revenue

H2 2022

£m

change at

actual rates

Revenue

H2 2023

£m

Constant

currency

revenue

H2 2022

£m

change at

constant

currency

Software Resilience contracts 21.5 19.4 10.8% 21.5 19.8 8.6%

Verification services 11.2 10.0 12.0% 11.2 10.6 5.7%

Total Software Resilience revenue 32.7 29.4 11.2% 32.7 30.4 7.6%

Software Resilience unaudited proforma total revenue

Following the acquisition of IPM in the prior period, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m

respectively. Management was required to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the

level of deferred revenue acquired of £12.1m. This had resulted in a downward adjustment to the book value of IPM’s deferred revenues

reflecting the fair value of service still to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher

for the 12 months ended 31 May 2022.

On this basis, management has set out below unaudited proforma information to show the consequential impact on the Group results

for the year ended 31 May 2023. Software Resilience unaudited proforma total revenue is not a statutory measure.

Revenue

2023

£m

Revenue

2022

£m

change at

actual rates

Revenue

2023

£m

Constant

currency

revenue

2022

£m

change at

constant

currency

Software Resilience contracts 42.8 42.3 1.2% 42.8 45.0 (4.9%)

Verification services 21.5 18.4 16.8% 21.5 19.6 9.7%

Software Resilience unaudited proforma total revenue 64.3 60.7 5.9% 64.3 64.6 (0.5%)

1 2022 revenue is not a statutory measure and includes the Software Resilience revenue adjustment.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023180

Notes to the Financial Statements continued

at 31 May 2023

4 Segmental information

The Group is organised into the following two (2022: two) reportable segments: Cyber Security

and Software Resilience.

The two reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide

a homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they

are reported to the Chief Operating Decision Maker (CODM) for the purposes of IFRS 8 ‘Operating Segments’, which is considered

to be the Board of Directors of NCC Group plc.

Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide,

common management structures, and their relatively homogeneous commercial and strategic market environments. Performance is

measured based on reporting segment profit, which comprises Adjusted operating profit

and adjusting items are not allocated to business

segments. Interest and tax are also not allocated to business segments and there are no intra-segment sales.

Segmental analysis 2023

Cyber

Security

£m

Software

Resilience

£m

Central and

head office

£m

Group

£m

Revenue 270.8 64.3 — 335.1

Cost of sales (184.7) (18.4) — (203.1)

Gross profit 86.1 45.9 — 132.0

Gross margin % 31.8% 71.4% 39.4%

General administrative expenses allocated (70.7) (14.7) (5.2) (90.6)

Adjusted EBITDA

15.4 31.2 (5.2) 41.4

Depreciation and amortisation (8.5) (0.6) (3.5) (12.6)

Adjusted operating profit

6.9 30.6 (8.7) 28.8

Individually Significant Items (Note 5) (12.3) (2.4) — (14.7)

Amortisation of acquired intangibles (1.2) (5.8) (3.0) (10.0)

Share-based payments (1.6) (0.1) (0.5) (2.2)

Operating profit (8.2) 22.3 (12.2) 1.9

Finance costs (6.2)

Loss before taxation (4.3)

Taxation (0.3)

Loss for the year (4.6)

Segmental analysis 2022

Cyber

Security

£m

Software

Resilience

£m

Central and

head office

£m

Group

£m

Revenue 258.5 56.3 — 314.8

Cost of sales (166.2) (16.0) — (182.2)

Gross profit 92.3 40.3 — 132.6

Gross margin % 35.7% 71.6% — 42.1%

General administrative expenses allocated (53.2) (17.5) (2.7) (73.4)

Adjusted EBITDA

39.1 22.8 (2.7) 59.2

Depreciation and amortisation (7.2) (0.8) (3.1) (11.1)

Adjusted operating profit

31.9 22.0 (5.8) 48.1

Individually Significant Items (Note 5) — (0.9) — (0.9)

Amortisation of acquired intangibles (0.9) (4.8) (2.9) (8.6)

Share-based payments (2.1) (0.3) (1.5) (3.9)

Operating profit 28.9 16.0 (10.2) 34.7

Finance costs (3.7)

Profit/(loss) before taxation 31.0

Taxation (8.0)

Profit for the year 23.0

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 181

4 Segmental information continued

Segmental analysis 2023

Cyber

Security

£m

Software

Resilience

£m

Central and

head office

£m

Group

£m

Additions to non-current assets 7.0 0.3 4.3 11.6

Reportable segment assets 123.7 180.5 197.2 501.4

Reportable segment liabilities (131.4) (21.0) (70.8) (223.2)

Segmental analysis 2022

Cyber

Security

£m

Software

Resilience

£m

Central and

head office

£m

Group

£m

Additions to non-current assets 9.0 161.5 4.7 175.2

Reportable segment assets 128.7 236.9 210.8 576.4

Reportable segment liabilities (102.0) (36.5) (144.7) (283.2)

The Central and head office cost centre is not considered to be a separate operating segment nor part of any other operating segment

as it does not generate any revenues. Included within Central and head office are assets and liabilities not specifically allocated to the

reporting segments and include investments, head office tangible and intangible assets, deferred tax assets and liabilities, right-of-use

assets and associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions. Central and head office

assets and liabilities are disclosed to allow a reconciliation back to the Group’s assets and liabilities.

The net book value of non-current assets (excluding deferred tax assets) is analysed geographically as follows:

2023

£m

2022

(restated) *

£m

UK 164.6 171.4

APAC 2.4 2.8

North America 222.6 234.4

Europe 8.5 11.3

Total non-current assets 398.1 419.9

* Restated to reflect non-current assets (excluding deferred tax assets) previously stated at £417.4m (which included deferred tax assets) and represented

to present APAC non-current assets of £2.8m separately from the UK segment. UK and APAC previously presented £175.6m non-current assets, this is now

presented as APAC £2.8m and the UK restated to £171.4m. North America previously presented £230.5m non-current assets, this has now been restated to

£234.4m to reconcile with the closing balance sheet.

Revenue is disaggregated by primary geographical market, by category and by timing of revenue recognition as follows:

Cyber

Security

£m

Software

Resilience

£m

2023

Total

£m

Cyber

Security

£m

Software

Resilience

£m

2022

Total

£m

Revenue by originating country

UK 106.6 25.8 132.4 103.9 25.4 129.3

APAC 11.8 — 11.8 10.7 — 10.7

North America 99.3 34.5 133.8 94.1 26.8 120.9

Europe 53.1 4.0 57.1 49.8 4.1 53.9

Total revenue 270.8 64.3 335.1 258.5 56.3 314.8

Cyber

Security

£m

Software

Resilience

£m

2023

Total

£m

Restated

Cyber

Security *

£m

Software

Resilience

£m

2022

Total

£m

Revenue by category

Services 267.1 64.3 331.4 254.0 56.3 310.3

Products 3.7 — 3.7 4.5 — 4.5

Total revenue 270.8 64.3 335.1 258.5 56.3 314.8

* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £6.4m has been restated within services

rather than product sales.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023182

Notes to the Financial Statements continued

at 31 May 2023

4 Segmental information continued

Cyber

Security

£m

Software

Resilience

£m

2023

Total

£m

Restated

Cyber

Security

2, *

£m

Software

Resilience

£m

2022

Total

£m

Timing of revenue recognition

Services and products transferred over time 252.9 42.8 295.7 242.4 37.6 280.0

Services and products transferred at a point in time 17.9 21.5 39.4 16.1 18.7 34.8

Total revenue 270.8 64.3 335.1 258.5 56.3 314.8

* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £192.8m has restated within services and

products transferred over time rather than within services and products transferred at a point in time in the Cyber Security

division consistent with the

accounting policy applied.

There are no customer contracts in either 2023 or 2022 which account for more than 10% of segment revenue.

5 Individually Significant Items (ISI)

The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently

unusual in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately

identified and excluded from adjusted results (as explained in Note 3).

Reference

2023

£m

2022

£m

North America Cyber Security

goodwill impairment a 9.8 —

Fundamental re-organisation costs b 4.2 —

Costs associated with strategic review of Software Resilience business c 3.0 —

NCC Group A/S goodwill impairment d 3.0 —

IPM Software Resilience business deferred income adjustment e (0.6) —

Profit on disposal of DDI business f (4.7) —

Costs directly attributable to the acquisition of IPM Software Resilience business g — 0.9

Total ISIs 14.7 0.9

£2.7m of costs associated with the strategic review of the Software Resilience business and £0.8m of fundamental re-organisation costs

(total £3.5m) have been accrued for at the year ended 31 May 2023, of which £0.3m are recognised as a redundancy provision. The

remaining £3.7m of these costs have been paid as cash during the year ended 31 May 2023 (2022: £nil costs accrued and £0.9m paid as

cash).

(a) North America Cyber Security

goodwill impairment

Following the annual impairment review of Goodwill, an impairment has been recognised amounting to £9.8m. For further details,

please see note 12. Such costs meet the Group’s policy for ISIs as this is a significant one-off event.

(b) Fundamental re‑organisation costs

In order to implement the next chapter of the Group’s strategy to enhance future growth, certain strategic actions are required

including reshaping the Group global delivery and operational model. This reshaping is considered a fundamental reorganisation and

restructuring programme (meeting the Group’s policy for ISIs) that will span reporting periods and the total project size and nature are

considered in totality. The programme commencement was accelerated following the Group experiencing specific market conditions

that validated the rationale of the next chapter of the Group’s strategy. The programme has three phases as follows:

•

Phase 1 (March–April 2023) – initial reduction in global delivery and operational headcount; c.7% reduction of the Group’s

global headcount

•

Phase 2 (June–September 2023) – a further reduction in global delivery, operational and corporate functions headcount prior

to opening our off-shore operations and delivery centre in Manila

•

Phase 3 (October 2023–May 2025) – finalisation of the Group’s operating model

Phases 2–3 are being implemented by the Group with the assistance of a third party to ensure the Group complete the fundamental

reorganisation efficiently.

Costs of £4.2m (2022: £nil) and cash outflow of £3.4m (2022: £nil) have been incurred in relation to the implementation of this

re-organisation and are made up of severance costs, associated taxes and professional fees for advisory and legal services. It is

expected that costs will be incurred for the years ending 31 May 2024 and 2025 and the Group will have to exercise judgement in

assessing whether the restructuring items should be classified as ISI, this will involve taking into account the nature of the item, cause

of occurrence and scale of the impact of those items on the reported performance, resultant benefits and after considering the

original reorganisation programme principles and plans.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 183

5 Individually Significant Items (ISI) continued

During February 2023, the Group announced its ongoing strategic review of the Software Resilience business and of other core

and non-core assets. During the year ended 31 May 2023, professional fees totalling £3.0m (2022: £nil) mainly in respect of

advisory services have been incurred. Such costs meet the Group’s policy for ISIs as they have been incurred as part of the wider

re-structuring/re-organisation activities that are ongoing within the Group. The Group has now stopped the strategic review of the

Software Resilience business, which will be revisited by the Board when considered appropriate.

(d) NCC Group A/S goodwill impairment

On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part

of the Europe Cyber Security

CGU. Following that re-organisation, the cash inflows associated with the Danish business are separately

identifiable and therefore the carrying value of the CGU assets has been assessed separately for impairment at 31 May 2023. The

charge of £3.0m (2022: £nil) represents the impairment of goodwill associated with the Danish business following completion of that

review. Such profits meet the Group’s policy for ISIs as this is a significant one-off event.

(e) IPM Software Resilience business deferred income adjustment

This represents an adjustment to the opening deferred income balance in respect of the IPM acquisition in June 2021. During FY23,

opening deferred income balances on verification tests totalling £0.6m have been identified for which the work has not been

performed and the statute of limitations has now expired. As the period of hindsight for adjusting goodwill has now expired

management has released these amounts to the income statement. Given the nature of this release which would typically have been

adjusted to goodwill it is considered to meet the definition of an individually significant item and has been classified as such.

(f) Profit on disposal of DDI business

On 31 December 2022, the Group disposed of its DDI business for cash consideration of £5.8m. The profit of £4.7m (2022: £nil) is

directly attributable to the disposal of the DDI business. Please see Note 34 for further details. Such profits meet the Group’s policy

for ISIs as the proceeds represent a material profit on disposal.

(g) Costs directly attributable to the acquisition of the IPM Software Resilience business

These costs are directly attributable to the material acquisition of the IPM Software Resilience business during the year ended

31 May 2022 and are therefore considered to meet the Group’s policy for ISIs. The nature of the costs includes legal, accountancy,

due diligence and other advisory services. The total costs amount to £8.5m, of which £nil has been charged to the Income Statement

in the year ended 31 May 2023 (2022: £0.9m, 2021: £7.6m). Of the total costs of £8.5m incurred, the Group saw a cash outflow of £nil

in the year ended 31 May 2023 (2022: £7.3m, 2021: £1.2m). The difference between the cash outflow and the costs charged to the

Income Statement relates to £6.4m of costs relating to services performed in the year ended 31 May 2021 but for which the cash

outflow did not occur until the year ended 31 May 2022 in line with supplier payment terms.

6 Expenses and auditor’s remuneration

2023

£m

2022

£m

Loss/(profit) before taxation is stated after charging/(crediting):

Amounts receivable by auditor and its associates in respect of:

Audit of these Financial Statements 1.1 1.0

Audit of Financial Statements of subsidiaries pursuant to legislation 0.2 0.2

Total audit

1.3 1.2

Amortisation of development costs (Note 12) 1.2 0.9

Amortisation of software costs (Note 12) 1.2 0.9

Amortisation of acquired intangibles (Note 12) 10.0 8.6

Depreciation of property, plant and equipment (Note 13) 4.5 3.9

Depreciation of right-of-use assets (Note 14) 5.7 5.4

Impairment charge/(reversal) of right-of-use-assets 0.5 (0.1)

Impairment of software costs 0.6 —

Individually Significant Items (ISIs) (Note 5) 14.7 0.9

Credit losses recognised on financial assets (Note 17) (1.5) 0.6

Cost of inventories recognised as an expense 0.6 1.0

Foreign exchange losses/(gains) 0.6 (0.6)

Lease rental costs charged:

– Hire of property, plant and equipment

— 0.1

Research and development UK tax credits (0.5) (1.0)

Profit on disposal of right-of-use assets (0.7) —

1 Formerly Assurance.

2 The only non-audit service provided by the auditor was for the interim review at 30 November 2021, for which the fee was £80,000. No interim review was

performed in the year ended 31 May 2023.

3 The charge to the Income Statement in respect of lease rental costs relates entirely to short-term leases for which the Group has taken the exemption

allowed from applying the principles of IFRS 16.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023184

Notes to the Financial Statements continued

at 31 May 2023

7 Staff numbers and costs

Directors’ emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of

2023 were £2.3m (2022: £2.2m). Employer contributions to pensions for Executive Directors for qualifying periods were £nil (2022: £nil).

The Company provided pension payments in lieu of pension contributions for three (2022: two) Executive Directors during the year

ended 31 May 2023 amounting to £32,000 (2022: £44,000). The aggregate net value of share awards granted to the Directors in the

period was £1.9m (2022: £1.4m). The net value has been calculated by reference to the closing mid-market price of the Company’s

shares on the day before the date of grant. During the year, 98,598 (2022: 237,448) share options were exercised by Directors and

their gain on exercise of share options was £13,463 (2022: £20,895).

The average monthly number of persons employed by the Group during the year, including Executive Directors, is analysed

by category as follows:

Number of colleagues

2023 2022

Operational 1,955 1,848

Administration 478 417

Total 2,433 2,265

The aggregate payroll costs of these persons were as follows:

2023

£m

2022

£m

Wages and salaries 208.1 180.7

Share-based payments (Note 26) 2.2 3.9

Social security costs 20.3 17.3

Other pension costs (Note 31) 6.3 5.1

Total payroll costs 236.9 207.0

8 Finance costs

2023

£m

2022

£m

Interest payable on bank loans and overdrafts 4.5 2.5

Unamortised underwriting fees associated with old revolving credit facility 0.6 —

Interest expense on lease liabilities 1.1 1.2

Finance costs 6.2 3.7

The above finance costs relate entirely to liabilities not at fair value through profit or loss.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 185

9 Taxation

Recognised in the Income Statement

2023

£m

2022

£m

Current tax expense

Current year 0.1 2.2

Adjustment to tax expense in respect of prior periods (2.8) 0.2

Impact of prior year US R&D tax credits (1.0) (1.1)

Foreign tax 5.9 6.5

Total current tax 2.2 7.8

Deferred tax expense

Origination and reversal of temporary differences (3.0) (0.4)

Movement in tax rate (0.2) (0.1)

Derecognition of deductible timing differences — 0.8

Impact of prior year US R&D tax credits (0.4) —

Adjustment to tax expense in respect of prior periods 1.7 (0.1)

Total deferred tax (1.9) 0.2

Total tax expense 0.3 8.0

Reconciliation of effective tax rate

2023

£m

2022

£m

(Loss)/profit before taxation (4.3) 31.0

Current tax using the UK effective corporation tax rate of 20% (2022: 19%) (0.9) 5.9

Effects of:

Items not deductible/(assessable) for tax purposes 2.6 0.5

Adjustment to tax charge in respect of prior periods (1.1) 0.1

Impact of prior year US R&D tax credits (1.4) (1.1)

Impact of current year US R&D tax credits (0.3) (0.2)

Differences between overseas tax rates 1.0 1.7

Movements in temporary differences not recognised 0.6 1.2

Movement in tax rate (0.2) (0.1)

Total tax expense 0.3 8.0

Current and deferred tax recognised directly in equity was a debit of £0.1m (2022: debit £0.3m), which relates to tax on share

based payments.

A combined prior year adjustment of £(1.1)m (current tax: £(2.8)m; deferred tax: £1.7m) largely reflects an adjustment to the tax

treatment of certain revenue and costs associated with the acquisition of the IPM business in FY22.

The UK government introduced legislation in the Finance Bill 2021 to increase the main rate of UK corporation tax from 19% to 25%

with effect from 1 April 2023. The legislation was substantively enacted on 24 May 2021 and therefore UK deferred tax balances

as at 31 May 2021, 31 May 2022 and 31 May 2023 are generally measured at a rate of 25%.

Tax uncertainties

The tax expense reported for the current year and prior year is affected by certain positions taken by management where there

may be uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to the current and

previous periods. Uncertainty relates to the interpretation of US legislation applicable to periods where the statute of limitations has

not expired. For the periods ended 31 May 2017 to 31 May 2023, the aggregate net current tax benefit taken to the Income Statement

relating to US R&D tax credits is £5.6m (2022: £4.0m). As at 31 May 2023, the gross deferred tax asset relating to US R&D tax credits

is £1.4m (2022: £0.5m) although due to uncertainty a partial provision of £0.8m (2022: £0.3m) has been made against this asset.

The gross cumulative amount of US R&D tax credits amounts to £10.4m (2022: £9.3m) and the net cumulative amount is £6.2m

(2022: £5.1m). The cumulative provision of £4.2m comprises a deferred tax element (£0.8m) relating to tax credits as yet unutilised

against US tax and a current tax element (£3.4m) relating to utilised tax credits. The latter provision will unwind as the statute of

limitation windows expire for claims made in respective periods. The provision relating to utilised tax credits of £3.4m is expected

to unwind as follows: FY24: £1.2m, FY25: £1.0m, FY26: £0.4m and FY27: £0.8m.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023186

Notes to the Financial Statements continued

at 31 May 2023

10 Dividends

2023

£m

2022

£m

Dividends paid and recognised in the year 14.5 14.4

Dividends per share paid and recognised in the year 4.65p 4.65p

Dividends per share proposed but not recognised in the year 3.15p 3.15p

The proposed final dividend for the year ended 31 May 2023 of 3.15p per ordinary share (approximately £9.8m) was recommended

by the Board on 11 September 2023 and will be paid on 8 December 2023, to shareholders on the register at the close of business

on 10 November 2023. The ex-dividend date is 9 November 2023. The dividend will be recommended to shareholders at the AGM on

30 November 2023. The dividend has not been included as a liability as at 31 May 2023. The payment of this dividend will not

have any tax consequences for the Group.

Dividend policy

Dividends are the way the Company makes distributions from the Company’s distributable reserves to shareholders. The Board

decides the level of the dividend with each half-year reporting period (i.e. 30 November and 31 May). If an interim or final dividend

is declared, the Company pays the dividend approximately eight weeks after the results announcement. A dividend is paid for each

share, so the amount you receive depends on the number of shares you own.

The Company currently continues to pay a dividend equal to that paid in the prior years as the Board is conscious of the need

to invest in initiatives to support longer-term growth and service the debt profile following the recent acquisition.

11 Earnings per ordinary share

Earnings per ordinary share are shown on a statutory and an adjusted basis to assist in the understanding of the performance of the Group.

2023

£m

2022

£m

Statutory earnings (A) (4.6) 23.0

Number

of shares

Number

of shares

Weighted average number of shares in issue 311.1 309.5

Less: weighted average holdings by Group ESOT (0.7) —

Basic weighted average number of shares in issue (C) 310.4 309.5

Dilutive effect of share options 0.8 1.4

Diluted weighted average shares in issue (D) 311.2 310.9

For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the

period during which the options are outstanding.

2023

Pence

2022

Pence

Earnings per ordinary share

Basic (A/C) (1.5) 7.4

Diluted (A/D) (1.5) 7.4

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 187

11 Earnings per ordinary share continued

Adjusted basic EPS

is reconciled as follows:

2023

£m

2022

£m

Statutory earnings (A) (4.6) 23.0

Amortisation of acquired intangibles 10.0 8.6

Share-based payments 2.2 3.9

Individually Significant Items (see Note 5) 14.7 0.9

Tax effect of above items (3.4) (2.9)

Adjusted earnings (B) 18.9 33.5

2023

Pence

2022

Pence

Adjusted earnings per ordinary share

Basic (B/C) 6.1 10.8

Diluted (B/D) 6.1 10.8

12 Goodwill and intangible assets

Goodwill

£m

Software

£m

Development

costs

£m

Customer

contracts and

relationships

£m

Intangibles

sub-total

£m

Total

£m

Cost:

At 1 June 2021 238.9 14.5 11.7 73.1 99.3 338.2

Additions — 1.6 1.3 — 2.9 2.9

On acquisition 69.7 2.5 — 91.4 93.9 163.6

Effects of movements in exchange rates 13.5 0.1 (0.1) 12.3 12.3 25.8

At 31 May 2022 322.1 18.7 12.9 176.8 208.4 530.5

Additions — 2.5 0.9 — 3.4 3.4

Disposals (see Note 34) (1.0) — — — — (1.0)

Effects of movements in exchange rates 3.5 — — 2.4 2.4 5.9

At 31 May 2023 324.6 21.2 13.8 179.2 214.2 538.8

Accumulated amortisation and impairment:

At 1 June 2021 (56.0) (11.8) (9.0) (57.5) (78.3) (134.3)

Charge for year — (0.9) (0.9) (8.6) (10.4) (10.4)

Effects of movements in exchange rates — — 0.1 (1.2) (1.1) (1.1)

At 31 May 2022 (56.0) (12.7) (9.8) (67.3) (89.8) (145.8)

Charge for year — (1.2) (1.2) (10.0) (12.4) (12.4)

Impairment (12.8) (0.6) — — (0.6) (13.4)

Effects of movements in exchange rates — — (0.1) (0.4) (0.5) (0.5)

At 31 May 2023 (68.8) (14.5) (11.1) (77.7) (103.3) (172.1)

Net book value:

At 31 May 2022 266.1 6.0 3.1 109.5 118.6 384.7

At 31 May 2023 255.8 6.7 2.7 101.5 110.9 366.7

Development costs are capitalised in accordance with IAS 38 development criteria. For this reason, these are not regarded as

realised losses.

The impairment of software of £0.6m relates to a specific asset under development which was no longer deemed to be economically

viable and therefore development was ceased.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023188

Notes to the Financial Statements continued

at 31 May 2023

12 Goodwill and intangible assets continued

Cash generating units (CGUs)

Goodwill and intangible assets are allocated to CGUs in order to be assessed for potential impairment. CGUs are defined by accounting

standards as the lowest level of asset groupings that generate separately identifiable cash inflows that are not dependent on other CGUs.

On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part

of the Europe Cyber Security

CGU. Following that re-organisation, the cash inflows associated with the Danish business are separately

identifiable and therefore the carrying value of the CGU assets have been assessed separately for impairment at 31 May 2023.

The IPM business was acquired on 1 June 2021, since this date the IPM business has been integrated into the wider North America

Software Resilience CGU such that the cash inflows relating to this business are no longer separately identifiable.

The CGUs and the allocation of goodwill to those CGUs are shown below:

Cash generating units

Goodwill

2023

£m

Goodwill

2022

£m

UK Software Resilience 22.9 22.9

North America Software Resilience 87.2 8.5

IPM Software Resilience — 76.9

Europe Software Resilience 7.4 7.3

Total Software Resilience 117.5 115.6

UK and APAC Cyber Security

44.3 45.4

North America Cyber Security

31.6 39.9

Europe Cyber Security

62.4 65.2

NCC Group A/S — —

Total Cyber Security

138.3 150.5

Total Group 255.8 266.1

Impairment review

Goodwill is tested for impairment annually at the level of the CGU to which it is allocated.

For the year ended 31 May 2022, the recoverable amount of all CGUs concerned was measured on a value in use basis (VIU), with the

exception of the Europe Cyber Security

CGU and the IPM Software Resilience CGU, which were measured on a fair value less costs

to sell (FVLCTS) basis. For the year ended 31 May 2023, the recoverable amount of all CGUs was measured on a fair value less costs

to sell basis.

Capitalised development and software costs are included in the CGU asset bases when performing the impairment review.

Capitalised development projects and software intangible assets are also considered, on an asset-by-asset basis, for impairment

where there are indicators of impairment.

The Directors have considered the impact of climate change on this review, with no material impact identified.

Fair value less costs to sell

For the year ended 31 May 2023, the recoverable amount of all CGUs has been determined on a fair value less costs to sell basis for

the purposes of the impairment review.

The valuation under FVLCTS is expected to exceed the valuation under VIU because uncommitted restructurings and resulting

operating efficiencies are not considered within in a VIU valuation in line with the requirements of IAS 36.

The FVLCTS valuation has been calculated by assessing the value of each standalone CGU calculated using an Adjusted EBITDA

multiple based on estimated sustainable earnings adjusted for specific items where relevant. Estimated sustainable earnings has

been determined taking into account past experience and includes expectations based on a market participant view of sustainable

performance of the business based on market volatility and uncertainty as at 31 May 2023. The sustainable earnings input is a level 3

measurement; level 3 measurements are inputs which are normally unobservable to market participants.

The Group incurs certain overhead costs in respect of support services provided centrally to the CGUs. Such support services

include Finance, Human Resources, Legal, Information Technology and additional central management support in respect of

stewardship and governance. In calculating sustainable earnings these overhead costs have been allocated to the CGUs based on the

extent to which each CGU has benefitted from the services provided. Commonly this is driven by time spent by the relevant central

department in supporting the CGU, informed by headcount or where possible specific cost allocations have been made. During the

year, this allocation has been refined to ensure the allocation is representative of the business operating model.

The Adjusted EBITDA

multiple used in the calculations is based on an independent third-party assessment of the implied enterprise

value of each CGU based on a population of comparable companies as at 31 May 2023. The estimated cost to sell was based on other

recent transactions that the Group has undertaken.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 189

12 Goodwill and intangible assets continued

Fair value less costs to sell continued

Impairment

During March 2023, the Group gave a trading update that market volatility had materially increased significantly impacting on Cyber

Security

revenue and profitability, particularly in the North American technology sector. The key factors were:

•

buying decision delays and cancellations exacerbated by North America tech sector client layoffs.

•

turmoil in the Banking sector following the failure of Silicon Valley Bank further knocking market confidence leading to reduced

appetite to spend on technology projects across sectors.

•

Interest rate increases in the US creating further inflationary challenges for clients.

The board has assessed the recoverable amount of the North America Cyber Security

CGU based on its FVLCTS at 31 May 2023 as

described above. Based on that assessment, the carrying amount of this CGU exceeded its recoverable amount and therefore an

impairment loss of £9.8m has been recognised reducing the value of goodwill allocated to this CGU to £31.6m. This amount has been

recognised as an Individually Significant Item (see Note 5). The impairment charge recognised has resulted in a reduction in the

carrying value of goodwill only.

On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part

of the Europe Cyber Security

CGU. Following this re-organisation, management has estimated the recoverable amount of the NCC

Group A/S CGU based on its FVLCTS at 31 May 2023 as described above. Based on that estimate an impairment loss of £3.0m has

been recognised reducing the value of Goodwill allocated to this CGU to £nil. This amount has been recognised as an individually

significant item (see Note 5). The impairment charge recognised has resulted in a reduction in the carrying value of goodwill only.

The Board has assessed the recoverable amount of the Europe Cyber Security

CGU based on its FVLCTS at 31 May 2023 as

described above. Based on that assessment the Board is satisfied that the recoverable amount exceeds the carrying value of assets

allocated to that CGU. However, there are reasonably possible changes to certain key inputs that could give rise to an impairment.

Please see sensitivity analysis below.

Sensitivity analysis

The key inputs used in the FVLCTS calculation are the Adjusted EBITDA

used and the multiple applied to that sustainable earnings.

Specifically, the key assumptions to the Adjusted EBITDA

are considered to be the expected revenue and costs that have been used

to calculate sustainable earnings.

The table below shows the sensitivity of headroom to reasonably possible changes in the key assumptions, after the £9.8m

impairment in the North America Cyber Security

CGU during FY23.

Sensitivities: impact on

carrying value

CGU

Headroom

£m

Decrease

in revenue

of 10%

£m

Increase

in all costs

of 5%

£m

North America Cyber Security

2,4

— (21.7) (26.5)

Europe Cyber Security

13.4 (9.9) (14.3)

If revenue included in sustainable earnings for North America Cyber Security

increased by 5%, while holding the gross margin

percentage at a fixed rate then there would be no impairment associated with this CGU.

With respect to the NCC Group A/S CGU, there is no reasonably possible scenario that would support a carrying value of goodwill

greater than £nil.

No other reasonably possibly changes in key inputs including the multiple could give rise to an impairment or further material

impairment to any CGUs.

In the prior year, for the Europe Cyber Security

CGU and the IPM Software Resilience CGU there were no reasonably possible change

in key inputs that could give rise to an impairment to any CGUs.

Value in use (for the year ended 31 May 2022 only)

VIU represents the present value of the future cash flows that are expected to be generated by the CGU to which the goodwill

is allocated.

VIU calculations are an area of management estimation. These calculations require the use of estimates (inputs), specifically: pre-tax

cash flow projections; long-term growth rates; and a pre-tax discount rate. Further detail in relation to these assumptions used in the

Group’s goodwill annual impairment review is as follows:

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

3 While holding gross margin percentage at a fixed rate.

4 Sensitivities shown for North America Cyber Security are in addition to the £9.8m impairment recognised in the year ended 31 May 2023.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023190

Notes to the Financial Statements continued

at 31 May 2023

12 Goodwill and intangible assets continued

Pre‑tax cash flow projections

Pre-tax cash flow projections are based on the Group’s budget for the forthcoming financial year and longer-term three year strategic plans

to 2025. The budget and three year strategic plan are compiled by the business unit management teams using a detailed, bottom-up

process with respect to revenue, margin and overheads, taking into account factors specific to that business unit as well as wider economic

factors such as industry growth expectations and the impact of Covid-19 or the Ukraine conflict.

The Group’s revenue forecasts are developed using the most reliable data available, such as the size of the existing contract base and

details of confirmed orders, as well as assumptions over key operational inputs to underpin the forecast for each revenue stream. The

combined effect of these individual assumptions on the overall growth rate assumed for each area of the business is then compared

to management’s experience of growth and the industry’s expected growth rate.

For cost forecasts, the majority of which are people related, headcount changes are forecast for delivery and sales staff in order that

there are sufficient resources to support the forecasted required revenue delivery capacity as well as to deliver against sales targets,

while also factoring in payroll inflation expectations. Overhead costs are also forecast using a bottom-up process.

Forecasts go through a detailed review process and are subject to challenge at each stage of review, including by the Executive

Committee. Ultimately the forecasts are approved by the Board.

Assumptions have then been applied for expected revenue, margin growth, overheads and Adjusted EBITDA ¹ for the subsequent

two years from the end of 2023. Adjusted EBITDA ¹ is considered a proxy for operating cash flow before changes in working capital.

Pre-tax cash flow projections also include assumptions on working capital and capital expenditure requirements for each CGU.

These assumptions are based on management’s experience of growth and knowledge of the industry sectors, markets and the

Group’s internal opportunities for growth and margin enhancement. The projections beyond five years into perpetuity use an

estimated long-term growth rate. Management has taken into account the impact of Covid-19 in formulating the above assumptions,

and the underlying uncertainty of Covid-19 has been reflected in the assumptions underpinning the cash flow forecasts for each CGU

rather than the pre-tax discount rates used in the impairment test.

Forecast working capital and capital expenditure included within the pre-tax cash flow projections are based on management’s

expectations of future expenditure required to support the Group and current run rate requirements.

The revenue % growth for the Cyber Security

CGU is considered by management to be appropriate for the specific industry in which

the CGU operates. Management has considered available external market data in determining the revenue growth rates over the five

year forecast period.

Long‑term growth rates

To forecast growth beyond the detailed cash flows into perpetuity, a long-term average growth rate ranging between 1.5% and 2.5%

for the year ended 31 May 2022 was used based on the specific geography of the CGU, as shown in the table below. This range

represents management’s best estimate of a long-term annual growth rate aligned to an assessment of long-term GDP growth rates.

A higher sector-specific growth rate would be a valid alternative estimate. A different set of assumptions may be more appropriate in

future years dependent on changes in the macro-economic environment. These rates are not greater than the published International

Monetary Fund average growth rates in gross domestic product for the next five year period in each relevant territory in which the

CGUs operate.

Growth rate

(%)

2023

Growth rate

(%)

2022

UK Software Resilience n/a 2.2

North America Software Resilience n/a 2.5

Europe Software Resilience n/a 1.5

UK and APAC Cyber Security

n/a 2.2

North America Cyber Security

n/a 2.5

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 191

12 Goodwill and intangible assets continued

Pre‑tax discount rates

Discount rates can change relatively quickly for reasons both inside and outside of management’s control. Those outside

management’s direct control or influence include changes in the Group’s Beta, changes in risk free rates of return and changes

in Equity Risk Premia.

The discount rates are determined using a capital asset pricing model and reflect current market interest rates, relevant equity and

size risk premiums and the risks specific to the CGU concerned. On this basis, specific discount rates are used for each CGU in the

VIU calculation, and the rates reflect management’s assessment on the level of relative risk in each respective CGU. The table below

summarises the pre-tax discount rates used for each CGU:

Pre-tax

discount rate

(%)

2023

Pre-tax

discount rate

(%)

2022

UK Software Resilience n/a 13.5

North America Software Resilience n/a 14.4

Europe Software Resilience n/a 12.5

UK and APAC Cyber Security

n/a 13.5

North America Cyber Security

n/a 14.4

Sensitivity analysis (for the year ended 31 May 2022 only)

Sensitivity analysis has been performed in respect of certain VIU scenarios where management considers a reasonably possible

change in key assumptions could occur. The outcome of applying sensitivity analysis in respect of the above inputs indicated that

there is no reasonably possible scenario in which the carrying value of goodwill would be considered impaired.

13 Property, plant and equipment

Computer

equipment

£m

Fixtures,

fittings and

equipment

£m

Motor

vehicles

£m

Total

£m

Cost

At 1 June 2021 20.8 17.3 0.1 38.2

Additions 3.7 1.5 — 5.2

Movement in foreign exchange rates 0.1 0.3 — 0.4

At 31 May 2022 24.6 19.1 0.1 43.8

Additions 2.7 1.2 — 3.9

Disposals — — (0.1) (0.1)

Movement in foreign exchange rates 0.2 0.1 — 0.3

At 31 May 2023 27.5 20.4 — 47.9

Depreciation

At 1 June 2021 (17.5) (9.1) (0.1) (26.7)

Charge for year (2.7) (1.2) — (3.9)

Movement in foreign exchange rates — (0.3) — (0.3)

At 31 May 2022 (20.2) (10.6) (0.1) (30.9)

Charge for year (2.7) (1.8) — (4.5)

On disposals — — 0.1 0.1

Movement in foreign exchange rates (0.1) — — (0.1)

At 31 May 2023 (23.0) (12.4) — (35.4)

Net book value

At 31 May 2022 4.4 8.5 — 12.9

At 31 May 2023 4.5 8.0 — 12.5

2 Formerly Assurance .

NCC Group plc — Annual report and accounts for the year ended 31 May 2023192

Notes to the Financial Statements continued

at 31 May 2023

14 Right‑of‑use assets

Land and

buildings

£m

Motor

vehicles

£m

Total

£m

Cost:

At 1 June 2021 33.8 3.0 36.8

Additions 1.9 1.6 3.5

At 31 May 2022 35.7 4.6 40.3

Additions 2.9 1.4 4.3

Disposals (1.8) — (1.8)

Impairment (0.5) — (0.5)

At 31 May 2023 36.3 6.0 42.3

Depreciation:

At 1 June 2021 (10.8) (2.2) (13.0)

Charge for year (4.2) (1.2) (5.4)

Reversal of impairment 0.1 0.0 0.1

At 31 May 2022 (14.9) (3.4) (18.3)

Charge for year (4.4) (1.3) (5.7)

Disposals 0.3 — 0.3

At 31 May 2023 (19.0) (4.7) (23.7)

Net book value:

At 31 May 2022 20.8 1.2 22.0

At 31 May 2023 17.3 1.3 18.6

The Directors have considered the impact of climate change on right-of-use assets with no material impact identified.

15 Investments

Group

2023

£m

Group

2022

£m

Interest in unlisted shares 0.3 0.3

The investment in unlisted shares relates to a 3.35% ordinary shareholding in an unlisted company acquired as part of the Accumuli

acquisition. The investment’s carrying value at acquisition date was considered appropriate to use as the fair value. The Directors

consider there has been no change in the year.

An assessment of the investment did not identify any indications of impairment and, accordingly, no indicator-based impairment

testing has been undertaken. The Group receives annual dividends from the investment; the trading performance and the net assets

reported are strong and profitable.

16 Inventory

Group

2023

£m

Group

2022

£m

Goods for resale 0.8 0.9

The Group holds stock of certain critical components for key customers in relation to our own product sales (as opposed to third

party products). The carrying value of inventory is expected to be recovered or settled within one year. There have been no write-downs

of inventory in the year (2022: £nil). The Directors have considered the impact of climate change on inventory, with no material

impact identified.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 193

17 Trade and other receivables

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Current

Trade receivables 26.7 40.6 — —

Prepayments 10.5 11.8 — —

Contract costs (see Note 23) 1.7 1.1 — —

Other receivables 2.0 1.2 — —

Contract assets – accrued income (see Note 23) 17.2 23.0 — —

Non-current

Amounts owed by Group undertakings — — 23.2 32.9

Total 58.1 77.7 23.2 32.9

Disclosed as follows:

Current assets 58.1 7 7.7 — —

Non-current assets — — 23.2 32.9

58.1 77.7 23.2 32.9

The carrying value of trade and other receivables classified at amortised cost approximates fair value. No credit losses have been

recognised in respect of amounts owed by Group undertakings (Parent Company only) in the year (2022: £nil).

Amounts owed by Group undertakings in the Parent Company Balance Sheet have been disclosed as repayable after more than one year.

Although these are repayable on demand, the disclosure as non-current is based on management’s expectation of the timing of repayment.

The ageing of trade receivables, other receivables and contract assets at the end of the reporting period was:

Group

Gross

2023

£m

Expected

credit losses

2023

£m

Net

2023

£m

Gross

2022

£m

Expected

credit losses

2022

£m

Net

2022

£m

Trade receivables:

Not past due 15.6 (0.1) 15.5 28.0 (0.1) 27.9

Past due 0–30 days 6.8 — 6.8 7.7 — 7.7

Past due 31–90 days 4.1 — 4.1 4.6 (0.1) 4.5

Past due more than 90 days 2.2 (1.9) 0.3 3.8 (3.3) 0.5

28.7 (2.0) 26.7 44.1 (3.5) 40.6

Other receivables:

Not past due 2.0 — 2.0 1.2 — 1.2

Contract assets:

Not past due 17.4 (0.2) 17.2 23.2 (0.2) 23.0

Total 48.1 (2.2) 45.9 68.5 (3.7) 64.8

The Company had no trade receivables (2022: £nil). The standard period for credit sales varies from 30 days to 60 days.

The Group assesses the creditworthiness of all trade debts on an ongoing basis providing for expected credit losses in line with IFRS 9.

The Group has considered credit risk rating grades; these are based on the ageing categories above. New customers are subject

to stringent credit checks.

The movement in the expected credit losses of trade and other receivables and contract assets is as follows:

Group

2023

£m

Group

2022

£m

Balance at 1 June (3.7) (1.9)

On acquisition (Note 35) — (1.4)

Released/(charged) to the Income Statement 1.5 (0.4)

Balance at 31 May (2.2) (3.7)

NCC Group plc — Annual report and accounts for the year ended 31 May 2023194

Notes to the Financial Statements continued

at 31 May 2023

18 Deferred tax assets and liabilities (Group)

Deferred tax assets and liabilities on the Consolidated Statement of Financial Position are offset in accordance with IAS 12.

A summary of this, offset with significant jurisdictions, is shown below:

2023

Asset/(liability)

£m

Netherlands

£m

Denmark

£m

Total

£m

Plant and equipment 0.2 (0.3) 0.3 — 0.2

Short-term temporary differences 0.2 8.9 — — 9.1

IFRS 16 assets/(liabilities) 0.3 0.2 — — 0.5

Intangible assets (1.4) (7.6) (1.7) — (10.7)

Share-based payments 0.3 0.2 — — 0.5

Tax losses 1.7 0.2 — — 1.9

Deferred tax asset/(liability) 1.3 1.6 (1.4) — 1.5

Analysed as follows:

Non-current assets 1.3 1.6 — — 2.9

Non-current liabilities — — (1.4) — (1.4)

2022

Asset/(liability)

£m

Netherlands

£m

Denmark

£m

Total

£m

Plant and equipment 0.3 (0.4) 0.3 — 0.2

Short-term temporary differences 0.2 6.2 — — 6.4

IFRS 16 assets/(liabilities) 0.3 0.2 — — 0.5

Intangible assets (1.8) (5.2) (1.8) — (8.8)

Share-based payments 0.9 0.6 — — 1.5

Deferred tax (liability)/asset (0.1) 1.4 (1.5) — (0.2)

Analysed as follows:

Non-current assets — 1.4 — — 1.4

Non-current liabilities (0.1) — (1.5) — (1.6)

Movement in deferred tax during the year:

1 June

2022

£m

Recognised

in income

statement

£m

Exchange

differences

£m

Recognised

in equity

£m

Acquisition

£m

31 May

2023

£m

Plant and equipment 0.2 — — — — 0.2

Short-term temporary differences 6.4 2.7 — — — 9.1

IFRS 16 assets/liabilities 0.5 — — — — 0.5

Intangible assets (8.8) (1.8) (0.1) — — (10.7)

Share-based payments 1.5 (0.9) — (0.1) — 0.5

Tax losses — 1.9 — — — 1.9

Total (0.2) 1.9 (0.1) (0.1) — 1.5

1 June

2021

£m

Recognised

in income

statement

£m

Exchange

differences

£m

Recognised

in equity

£m

Acquisition

£m

31 May

2022

£m

Plant and equipment 0.9 (0.5) (0.2) — — 0.2

Short-term temporary differences 4.8 0.9 0.7 — — 6.4

IFRS 16 assets/liabilities 0.5 — — — — 0.5

Intangible assets (7.5) (0.3) (0.3) — (0.7) (8.8)

Share-based payments 1.6 0.2 0.1 (0.4) — 1.5

Tax losses 0.5 (0.5) — — — —

Total 0.8 (0.2) 0.3 (0.4) (0.7) (0.2)

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 195

18 Deferred tax assets and liabilities (Group) continued

In the year ended 31 May 2023, the Group has recognised a deferred tax asset in relation to tax losses of £1.9m as management

considers it probable that future taxable profits will be available against which tax losses may be offset. In 2022, the Group recognised

no deferred tax asset in relation to tax losses. The Group has not recognised a potential deferred tax asset on £14.8m (2022: £35.7m) of

tax losses carried forward in the United Kingdom (£7.5m), Denmark (£4.1m), Australia (£2.5m) and United States (£0.7m) due to current

uncertainties over their future recoverability (and in the case of United Kingdom/United States because of specific legislative

restrictions). A deferred tax asset of £1.4m (2022: £0.5m) in respect of R&D tax claims submitted in the United States has been partially

provided against due to uncertainty with regard to recoverability; an amount of £0.8m has been provided (2022: £0.3m). No deferred tax

liability is recognised on temporary differences of £0.6m (2022: £0.4m) relating to the unremitted earnings of overseas subsidiaries as

the Group is able to control the timing of the reversal of these temporary differences and it is probable that they will not reverse in the

foreseeable future.

19 Trade and other payables

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Trade payables 6.3 8.7 — —

Non-trade payables 8.6 11.4 — —

Accruals 29.8 28.2 — —

Amounts owed to Group companies — — 0.2 18.2

Total 44.7 48.3 0.2 18.2

The carrying value of trade and other payables classified as financial liabilities measured at amortised cost approximates fair value.

20 Lease liabilities

Land and

buildings

£m

Motor

vehicles

£m

Total

£m

At 1 June 2021 31.6 2.8 34.4

Additions 1.9 1.6 3.5

Lease payments (5.4) (1.1) (6.5)

Interest expense 1.0 0.2 1.2

At 1 June 2022 29.1 3.5 32.6

Additions 2.2 1.4 3.6

Disposals (0.2) — (0.2)

Lease payments (5.8) (1.3) (7.1)

Interest expense 1.0 0.1 1.1

At 31 May 2023 26.3 3.7 30.0

Analysed as follows:

2023

£m

2022

£m

Current 6.0 5.4

Non-current 24.0 27.2

The maturity of lease liabilities is as follows:

2023

£m

2022

£m

Less than one year 6.0 5.4

Two to five years 16.7 16.5

More than five years 7.3 10.7

Total lease liabilities 30.0 32.6

NCC Group plc — Annual report and accounts for the year ended 31 May 2023196

Notes to the Financial Statements continued

at 31 May 2023

20 Lease liabilities continued

The total cash outflow for leases in the year was £7.1m (2022: £6.5m), which consists of £6.0m (2022: £5.3m) principal element of lease

payments disclosed above, £1.1m (2022: £1.2m) interest element of leases payments and £nil (2022: £0.1m) lease payments charged to

the Income Statement in respect of short-term leases. The Group has used its incremental borrowing rate of 5.8% (2022: 3.3%) as the

discount rate for the calculation of the lease liabilities. Some leases contain break clauses or extension options to provide operational

flexibility. Potential future undiscounted lease payments not included in the reasonably certain lease term, and hence not included in

lease liabilities, total £4.9m (2022: £5.0m).

21 Provisions

Loss-making

contracts

£m

Onerous

property

costs

£m

Redundancy

provision

£m

Other

provisions

£m

Total

£m

Balance as at 31 May 2021 and 1 June 2021 1.1 1.7 — 0.2 3.0

Provisions created in the year 1.9 — — 0.6 2.5

Provisions utilised during the year (1.2) (0.7) — (0.1) (2.0)

Balance as at 31 May 2022 and 1 June 2022 1.8 1.0 — 0.7 3.5

Provisions created in the year — 0.7 0.3 — 1.0

Provisions utilised during the year (0.8) (0.3) — (0.7) (1.8)

Balance as at 31 May 2023 1.0 1.4 0.3 — 2.7

Analysed as follows (2023):

Current 0.6 0.3 0.3 — 1.2

Non-current 0.4 1.1 — — 1.5

Analysed as follows (2022):

Current 1.5 0.5 — 0.7 2.7

Non-current 0.3 0.5 — — 0.8

The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply

contracts that are now expected to be fully completed in the 2024 calendar year mainly due to supply chain sourcing. It was expected

in the prior year that these contracts would have been completed in 2023. During the year, revenue has been recognised in relation

to these long-term contracts of £0.8m (2022: £2.3m).

The onerous property costs provision relates to unused floors in the Manchester head office building. The provision of £1.4m

(2022: £1.0m) at 31 May 2023 includes £0.9m (2022: £0.4m) of non-rent costs relating to the onerous properties including service

charges and insurance and also the estimated costs of disposing or terminating these leases, which includes rent incentives and

letting fees. The provision at 31 May 2023 also includes estimated dilapidations liabilities of £0.5m (2022: £0.6m) relating to the Group’s

leased premises. Both of these provisions are expected to unwind over the period of the relevant leases (2023 –2034). The impact of

discounting the cash flows is £0.3m (2022: £0.2m).

The redundancy provision represents accrued severance costs relating to the implementation of the re-organisation as detailed in Note 5.

Other provisions of £nil (2022: £0.7m) include reorganisation and CEO transition costs to which the Group was committed at 31 May 2022

and were settled within the year ended 31 May 2023.

22 Contract liabilities – deferred revenue

Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred

revenue is analysed as follows and is considered a contract liability:

Group

2023

£m

Group

2022

£m

Analysed as follows:

Current 51.6 61.7

Non-current 3.3 0.6

54.9 62.3

Revenue recognised in the year ended 31 May 2023 that was included in the contract liability at 1 June 2022 amounted to £62.4m

(2022: £43.6m). The non-current element is expected to unwind in the year ended 31 May 2025. The Group has taken advantage

of the IFRS 15 practical expedient not to disclose when revenue will unwind for all contracts less than 12 months in length.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 197

23 Contract balances

The following table provides information about receivables, contract assets and contract liabilities from contracts with customers.

Notes

Group

2023

£m

Group

2022

£m

Receivables, which are included in trade and other receivables 17 26.7 40.6

Contract assets – accrued income 17 17.2 23.0

Contract costs – costs to obtain 17 1.7 1.1

Contract liabilities – deferred income 22 (54.9) (62.3)

Receivables represent invoiced services usually payable within 30 days whereby performance obligations have been satisfied.

Accrued income of £17.2m (of which £17.0m (2022: £20.3m) represents Cyber Security

accrued income) is the Group’s rights to

consideration for work completed but not billed at the reporting date. The contract assets accrued in the prior year of £23.0m were

fully recognised as trade receivables during the year ended 31 May 2023 and therefore the balance as at 31 May 2023 were fully

accrued during the period are transferred to receivables when the rights become unconditional. Credit losses of £0.2m (2022: £0.2m)

have been recognised in respect of contract assets.

The contract assets were not impacted by any impairment charge. The contract assets are transferred to receivables when the rights

become unconditional. This usually occurs when the Group issues an invoice to the customer. Invoices usually become payable within

30 days. The contract costs to obtain of £1.7m (2022: £1.1m) represent incremental sales commissions to obtain specific contracts

and are amortised over the length of the contract.

The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the

customer in relation to an onerous contracts.

Contract liabilities primarily relate to advanced consideration received from customers, for which revenue is recognised over time in

line with the respective performance obligation. No information is provided about remaining performance obligations at 31 May 2023

or at 31 May 2022 that have an original expected duration of one year or less, as allowed by IFRS 15.

24 Cash and cash equivalents and borrowings

Cash and cash equivalents

Cash and cash equivalents comprise:

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Cash and cash equivalents 34.1 73.2 15.0 20.2

Bank overdraft (1.8) — — —

Total cash at bank and in hand 32.3 73.2 15.0 20.2

Borrowings are analysed as follows:

Maturity

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Current liabilities:

Bank term loan 2024 — 18.5 — —

Non-current liabilities:

Revolving credit facility 2026 81.9 70.5 — —

Bank term loan 2024 — 36.6 — —

Total borrowings 81.9 125.6 — —

The maturity profile is as follows:

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Less than one year — 18.5 — —

Two to five years 81.9 107.1 — —

Total borrowings 81.9 125.6 — —

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023198

Notes to the Financial Statements continued

at 31 May 2023

24 Cash and cash equivalents and borrowings continued

Cash and cash equivalents continued

The RCF is drawn in short to medium-term tranches of debt that are repayable within 12 months of draw down. These tranches of

debt can be rolled over provided certain conditions are met, including compliance with all loan terms. The Group considers that it is

highly unlikely it would not be in compliance and therefore be unable to exercise its right to roll over the debt. The Directors therefore

believe that the Group has the ability and the intent to roll over the drawn RCF amounts when due and consequently has presented

the RCF as a non-current liability.

On 12 May 2021, the Group entered into a new Term Loan Facility Agreement. The facility made available under the Facility Agreement

(the “Term Facility”) was a $70m amortising term loan facility, to fund the acquisition of the IPM Software Resilience business. The rate of

interest on each loan under the Term Facility is the percentage rate per annum, which is equal to the aggregate of a compounded rate

based on the secured overnight financing rate (SOFR) administered by the Federal Reserve Bank of New York and the margin (based on

a leverage ratchet varying from 1.40% to 2.65% per annum). The Term Facility was due to be repaid in annual instalments of $23.3m on

each of 10 June 2022 and 10 June 2023, with a final instalment of $23.4m payable on 10 June 2024. The Term Facility Agreement also

contained financial covenants relating to leverage and interest cover and provisions relating to guarantor coverage consistent with the RCF.

In December 2022, the Group entered into a new four year £162.5m multi-currency revolving credit facility replacing our existing

£100m multi-currency revolving credit facility and the remaining $46.7m of the original $70m term loan that was maturing in June

2024. Key terms of the new facility are:

•

£162.5m multi-currency revolving credit facility maturing in December 2026

•

Additional £75m uncommitted accordion option

•

Increase to leverage covenant from 2.5x to 3.0x with an additional acquisition spike to 3.5x for the first 12 months of any acquisition

•

Weighted average interest rate of the facility is lower and payable on a ratchet mechanism, with a margin payable above SONIA

and SOFR in the range of 1.00% to 2.25% depending on the level of the Group’s leverage. The weighted average interest rate

is 5.92% as at 31 May 2023

•

The new facility is considered an extinguishment of the previous RCF and Term Loan Facility Agreement and therefore remaining

arrangement fees of £0.6m have been charged to the Income Statement during the year ended 31 May 2023. New arrangement

fees of £1.7m will be amortised over the new four year term to December 2026. Arrangement fees of £0.4m (2022: £0.4m) have been

charged to the Income Statement in the year ended 31 May 2023.

•

Certain subsidiaries of the Group act as guarantors to the new facility to provide coverage based on aggregate EBITDA

and gross assets.

As at 31 May 2023, the Group had committed bank facilities of £162.5m (2022: £155.1m), of which £83.4m (2022: £126.4m) had

been drawn under these facilities, leaving £79.1m (2022: £28.7m) of undrawn facilities. Unamortised arrangement fees of £1.5m

(2022: £0.8m) have been offset against the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2023 of

£81.9m (2022: £125.6m). The fair value of borrowings is not materially different to its amortised cost.

25 Financial instruments

Loans and borrowings

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Non-current

Variable rate:

Revolving credit facility (81.9) (70.5) — —

Bank term loan — (36.6) — —

(81.9) (107.1) — —

Current

Variable rate:

Bank term loan — (18.5) — —

Total loans and borrowings (excluding lease liabilities) (81.9) (125.6) — —

Cash 34.1 73.2 15.0 20.2

Bank overdraft (1.8) — — —

Net (debt)/cash (excluding lease liabilities)

(49.6) (52.4) 15.0 20.2

Non-current

Lease liabilities (24.0) (27.2) — —

Current

Lease liabilities (6.0) (5.4) — —

Net (debt)/cash

(79.6) (85.0) 15.0 20.2

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 199

25 Financial instruments continued

Reconciliation of movements in liabilities to cash flows arising from financing activities

Group

2023

£m

2022

£m

Revolving credit facility/bank term loan:

Drawdown on facility 70.8 120.7

Repayment of facility (115.6) (39.4)

Transaction costs (1.7) (0.6)

Interest costs (non-cash) 4.0 2.1

Interest paid on borrowings (4.0) (2.1)

Release of deferred arrangement fees 1.0 0.4

Foreign exchange movement 1.8 11.3

Movement in borrowings (43.7) 92.4

IFRS 16 lease liability:

New leases entered into 3.6 3.5

Disposals (0.2) —

Principal element of lease payments (6.0) (5.3)

Interest element of lease payments (1.1) (1.2)

Interest cost (non-cash) 1.1 1.2

Movement in lease liabilities (2.6) (1.8)

Financial risk management

The Group has exposure to the following risks from its use of financial instruments:

•

Credit risk

•

Liquidity risk

•

Currency risk

•

Interest rate risk

The Board has overall responsibility for establishing appropriate management of exposure to risk. The Audit Committee oversees

how management identifies and addresses risks to the Group.

Capital management

The Board’s policy is to maintain a strong capital base so as to maintain investor, creditor and market confidence and to sustain future

development of the business.

The Group monitors capital on the basis of the gearing ratio. This ratio is calculated as net (debt)/cash

divided by total capital. Net

(debt)/cash

is calculated as total borrowings as shown in the Consolidated Balance Sheet, less cash and cash equivalents. Total

capital is calculated as equity, as shown in the Consolidated Balance Sheet, plus net debt

. As at 31 May 2023 the Group’s gearing

ratio was 15.1% (2022: 15.5%).

Financial instruments policy

All instruments utilised by the Company and Group are for financing purposes. The financial management and treasury activities

of the Group are controlled centrally for all operations with local finance teams responsible for day-to-day banking activities.

Fair value of financial instruments

As at 31 May 2023, the Group and Company had no other financial instruments other than those disclosed below. In addition, no embedded

derivatives have been identified. There have been no transfers between levels in the year.

The following table presents the Group’s financial assets and liabilities that are measured at fair value by level of fair value hierarchy:

•

Quoted prices (unadjusted) in active markets for identical assets or liabilities (level 1)

•

Inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (that is, as prices)

or indirectly (that is, derived from prices) (level 2)

•

Inputs for the asset or liability that are not based on observable market data (unobservable inputs) (level 3)

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023200

Notes to the Financial Statements continued

at 31 May 2023

25 Financial instruments continued

Fair value of financial instruments continued

Borrowings are held at amortised cost, which is considered to equate to fair value. All other assets and liabilities are held at either fair

value or their carrying value, which approximates to fair value.

2023 2022

Level 1

£m

Level 2

£m

Level 3

£m

Level 1

£m

Level 2

£m

Level 3

£m

Financial liabilities/(assets) at fair value through profit or loss — 0.6 — — (0.2) —

Total financial instruments — 0.6 — — (0.2) —

Credit risk

Credit risk is the risk of financial loss to the Group if a customer or counterparty to a financial instrument fails to meet its contractual

obligations and arises principally from the Group’s receivables from customers. The Group’s exposure to credit risk is influenced

mainly by the individual characteristics of each customer.

Exposure to credit risk

The carrying value of financial assets represents the maximum credit exposure. The maximum exposure to credit risk at the reporting

date was:

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Trade receivables 26.7 40.6 — —

Other receivables 2.0 1.2 — —

Accrued income 17.2 23.0 — —

Contingent consideration receivable 3.8 — — —

Cash and cash equivalents 34.1 73.2 15.0 20.2

Total 83.8 138.0 15.0 20.2

The maximum exposure to credit risk for trade receivables and other receivables at the reporting date by geographic region was:

Trade receivables by geographical segment

Group

2023

£m

Group

2022 *

£m

Company

2023

£m

Company

2022

£m

UK 14.6 14.2 — —

APAC 1.2 1.0

North America 6.3 14.3 — —

Europe 6.6 12.4 — —

Total 28.7 41.9 — —

* Represented to present APAC trade receivables of £1.0m separately from the UK segment.

The maximum exposure to credit risk at the reporting date by business segment was:

Trade receivables by business segment

Group

2023

£m

Group

2022

£m

Company

2023

£m

Company

2022

£m

Cyber Security

25.1 35.4 — —

Software Resilience 1.8 6.5 — —

Central & head office 1.8 — — —

Total 28.7 41.9 — —

The trade receivables of the Group typically comprise many amounts due from a large number of customers and represent a spread

of industry sectors. The largest amount due from a single customer at the reporting date represented 3.1% (2022: 4.4%) of total Group

receivables. All of the Group’s cash is held with financial institutions of high credit rating.

The provisions in respect of trade receivables are used to record expected credit losses. The Group has dedicated credit control

teams, which regularly review customer debt balances to assess the risk of recovery.

2 Formerly Assurance.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 201

25 Financial instruments continued

Liquidity risk

Liquidity risk is the risk that the Group will not be able to meet its financial obligations as they fall due. The Group manages and

minimises liquidity risk by using global cash management solutions and actively monitoring both actual and projected cash outflows to

ensure that it will have sufficient liquidity to meet its liabilities when due and have headroom to provide against unforeseen obligations.

The Ukraine conflict is not considered to have a direct material impact on liquidity risk in the short term due to the Group having limited

direct exposure in the affected region. Longer term, the Group has assessed its liquidity forecast as part of the viability assessment

and its ability to continue trading as a going concern. For further detail on the Group’s assessment of liquidity risk refer to the Viability

Statement on page 81.

The following are the contractual maturities of financial liabilities, including interest payments, of the Group:

At 31 May 2023

Carrying

amount

£m

Contractual

cash flows

£m

<1 year

£m

1–2

years

£m

years

£m

years

£m

Borrowings (81.9) (98.0) (4.9) (4.9) (88.2) —

Bank overdraft (1.8) (1.8) (1.8) — — —

Contingent consideration payable (1.0) (1.0) (1.0) — — —

Lease liabilities (30.0) (33.6) (6.9) (6.1) (12.6) (8.0)

Trade and other payables (44.7) (44.7) (44.7) — — —

At 31 May 2022

Borrowings (restated)* (125.6) (132.0) (21.3) (21.3) (89.4) —

Contingent consideration payable (1.9) (1.9) (0.9) (1.0) — —

Lease liabilities (32.6) (36.4) (6.5) (5.5) (13.4) (11.0)

Trade and other payables (48.3) (48.3) (48.3) — — —

* Restated to correct the borrowings contractual cash flows resulting in an increase to those cash flows of £21.3m split between < 1 year increase of £1.6m,

1-2 years increase of £1.6m and 2+ years increase by £18.1m.

The contractual cash flows for borrowings disclosed above relate to the Group’s RCF facility for the year ended 31 May 2023,

which expires in December 2026, and in the prior year includes the Term Loan Facility Agreement that was due to expire in June 2024.

The contractual cash flows include an estimate of the interest payable based on the assumption that the borrowings remain drawn

based upon 31 May 2023 levels, except that the term loan which existed at 31 May 2022, is repayable over its term. Interest is

calculated based on SONIA/SOFR plus a margin based on the current leverage ratio .

Currency risk

The Group is exposed to currency risk on sales, purchases, cash and borrowings that are denominated in a currency other than the

respective functional and presentational currency of the Group. The Group’s management reviews the size and probable timing of

settlement of all financial assets and liabilities denominated in foreign currencies. The Group’s exposure to currency risk is as follows:

2023 2022

Sterling

£m

EUR

£m

USD

£m

Other

£m

Total

£m

Sterling

£m

EUR

£m

USD

£m

Other

£m

Total

£m

Trade receivables 11.0 7.0 7.1 1.6 26.7 12.9 11.7 15.9 0.1 40.6

Other receivables 2.0 — — — 2.0 0.5 — 0.6 0.1 1.2

Contract assets 5.5 3.9 6.7 1.1 17.2 6.5 4.3 11.5 0.7 23.0

Cash and cash equivalents 17.0 5.0 9.4 2.7 34.1 26.4 2.4 42.4 2.0 73.2

Bank overdraft (1.8) — — — (1.8) — — — — —

Borrowings (18.6) — (63.3) — (81.9) (26.2) — (99.4) — (125.6)

Lease liabilities (19.6) (2.0) (6.7) (1.7) (30.0) (21.4) (2.0) (7.3) (1.9) (32.6)

Trade and other payables (31.8) (9.2) (1.6) (2.1) (44.7) (28.1) (9.0) (8.9) (2.3) (48.3)

Total (36.3) 4.7 (48.4) 1.6 (78.4) (29.4) 7.4 (45.2) (1.3) (68.5)

A change in exchange rate of 10% would have an impact of £20.3m (2022: £19.0m) on revenue, £3.9m (2022: £4.2m) on operating

profit, £64.2m (2022: £43.6m) on net assets and £6.3m (2022: £9.9m) on borrowings.

The Group’s risk management policy is to hedge foreign currency exposure in respect of significant material transactions that may

arise from time to time. No such hedges were in place at 31 May 2022 or at 31 May 2023. The Group uses forward exchange contracts

to hedge its currency risk, which are short term in nature to match the maturity of the hedged item. These contracts are generally

designated as cash flow hedges.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023202

Notes to the Financial Statements continued

at 31 May 2023

25 Financial instruments continued

Currency risk continued

The Group designates the spot element of forward foreign exchange contracts to hedge its currency risk and applies a hedge ratio

of 1:1. The forward elements of forward exchange contracts are excluded from the designation of the hedging instrument and are

separately accounted for as a cost of hedging, which is recognised in equity in a cost of hedging reserve. The Group’s policy is for

the critical terms of the forward exchange contracts to align with the hedged item.

The Group determines the existence of an economic relationship between the hedging instrument and hedged item based on the currency,

amount and timing of their respective cash flows. Given the short-term nature of these hedges there is limited risk of ineffectiveness.

Interest rate risk

The Group and Company finance their operations through a combination of retained profits and bank borrowings. The Group borrows

and invests surplus cash at floating rates of interest based upon bank base rate. The cash and cash equivalents of the Group and

Company at the end of the financial year were as follows:

Group

2023

£m

2022

£m

Sterling denominated financial assets 17.0 26.4

Euro denominated financial assets 5.0 2.4

US Dollar denominated financial assets 9.4 42.4

Other denominated financial assets 2.7 2.0

Total 34.1 73.2

The financial assets and liabilities of the Company at the end of the financial year were as follows:

Company

2023

£m

2022

£m

Financial assets

Sterling denominated financial assets 15.0 20.2

Amounts owed by Group undertakings 23.2 32.9

Total 38.2 53.1

Financial liabilities

Amounts owed to Group undertakings 0.2 18.2

Total 0.2 18.2

A change of 100 basis points in interest rates would result in a difference in annual pre-tax profit of £0.9m (2022: £1.3m).

The financial liabilities of the Group (trade and other payables, borrowings and lease liabilities) and their maturity profile are as follows:

2023 2022

Sterling

£m

EUR

£m

USD

£m

Other

£m

Total

£m

Sterling

£m

EUR

£m

USD

£m

Other

£m

Total

£m

Less than one year (36.6) (10.3) (3.0) (2.6) (52.5) (30.7) (9.9) (28.9) (2.7) (72.2)

Two to five years (28.1) (0.9) (68.4) (1.2) (98.6) (35.8) (1.1) (85.2) (1.5) (123.6)

More than five years (7.2) — (0.1) — (7.3) (9.9) — (0.8) — (10.7)

Total (71.9) (11.2) (71.5) (3.8) (158.4) (76.4) (11.0) (114.9) (4.2) (206.5)

Climate change

The Directors have considered the impact of climate change on fair value measurement and financial instruments, with no material

impact identified.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 203

26 Share‑based payments

The Company has a number of share option schemes under which options to subscribe for the Company’s shares have been granted

to Directors and colleagues, details of which are illustrated in the tables below. Expected term of options represents the period over

which the fair value calculations are based. The share-based payment charge for the year was £2.2m (2022: £3.9m) of which £2.2m

(2022: £3.4m) related to equity settled payments and £nil (2022: £0.5m) to cash settled payments. The share-based payments

charge decreased during the year due to a number of schemes no longer being expected to meet performance criteria required

to give rise to options being granted.

Company Share Option (CSOP) scheme – equity settled

Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than

10% per annum. Options granted in September 2019 do not have any performance criteria.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

August 2018 7 years August 2021–August 2028 £2.20 5,586

September 2019 7 years September 2022–September 2029 £1.79 279,312

Sharesave schemes – equity settled

The Company operates sharesave schemes, which are available to all colleagues based in the UK, Netherlands, Denmark, Spain and

Australia, and full-time Executive Directors of the Group and its subsidiaries who have worked for a qualifying period.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

March 2019 3 years May 2022–October 2022 £0.99 7

March 2020 3 years May 2023–October 2023 £1.84 339,158

March 2020 3 years May 2023–October 2023 £1.84 202,877

May 2021 3 years May 2024–October 2024 £2.15 128,744

May 2021 3 years May 2024–October 2024 £2.15 251,147

May 2022 3 years May 2025–October 2025 £1.52 314,632

May 2022 3 years May 2025–October 2025 £1.52 755,013

May 2023 3 years June 2026–November 2026 £1.26 1,253,012

May 2023 3 years June 2026–November 2026 £1.26 268,214

Colleague stock purchase plan – equity settled

The Company operates a stock purchase plan, which is available to all US-based colleagues who have worked for a qualifying period.

All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at year end.

Date of grant

Expected term

of options

Exercisable

Exercise

price

2023

Number

outstanding

May 2022 1 year May 2023 £1.58 —

May 2023 1 year May 2024 £1.26 604,321

Incentive Stock Option (ISO) scheme – equity settled

Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the

three years following their grant is greater than 10% per annum.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

August 2018 7 years August 2021–August 2028 £2.22 —

September 2019 7 years September 2022–September 2029 £1.82 49,446

NCC Group plc — Annual report and accounts for the year ended 31 May 2023204

Notes to the Financial Statements continued

at 31 May 2023

26 Share‑based payments continued

Long Term Investment Plan (LTIP) schemes – equity settled

Options granted on or after November 2017 to May 2021 have three separate vesting conditions as set out below:

•

60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an

average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.

Between these two points, vesting is determined on a straight-line basis.

•

30% will vest based on achieving a cash conversion ratio

expressed as a percentage over the measurement period of greater than

70% per annum on average. If cash conversion

is greater than or equal to 80% per annum, then 100% of the award element will

vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,

vesting is determined on a straight-line basis.

•

10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding

investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the

award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median

and upper quartile, vesting is determined on a straight-line basis.

Options granted in November 2021 have three separate vesting conditions as set out below:

•

60% will vest based on achieving an average increase in Group EPS of 22.5% or more over a three year period. If growth is equal

to an average of 9% (threshold), then 15% of the award will vest. If, however, growth is less than 9% per annum, none of the award

element will vest. Between these two points, vesting is determined on a straight-line basis.

•

30% will vest based on achieving a cash conversion ratio

expressed as a percentage over the measurement period of greater than

70% per annum on average. If cash conversion

is greater than or equal to 80% per annum, then 100% of the award element will

vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,

vesting is determined on a straight-line basis.

•

10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding

investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the

award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median

and upper quartile, vesting is determined on a straight-line basis.

Options granted on or after October 2022 have three separate vesting conditions as set out below:

•

60% will vest based on achieving an average increase in Group EPS of 18% or more over a three year period. If growth is equal to

an average of 6% (threshold), then 15% of the award will vest. If, however, growth is less than 6% per annum, none of the award

element will vest. Between these two points, vesting is determined on a straight-line basis.

•

20% will vest based on achieving a cash conversion ratio

expressed as a percentage over the measurement period of greater than

80% per annum on average. If cash conversion

is greater than or equal to 90% per annum, then 100% of the award element will

vest. If, however, cash conversion is less than 80% per annum, none of the award element will vest. Between these two points,

vesting is determined on a straight-line basis.

•

20% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding

investment trusts). If the Group’s TSR is consistent with the median group, 15% of the award will vest; below this level, none of the

award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median

and upper quartile, vesting is determined on a straight-line basis.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

September 2019 3 years June 2022–August 2023 £nil 209,760

March 2020 3 years June 2022–August 2024 £nil —

May 2021 3 years June 2023–August 2025 £nil 516,791

November 2021 3 years June 2024–August 2026 £nil 1,101,449

October 2022 3 years October 2025–October 2026 £nil 1,297,672

November 2022 3 years November 2025–November 2026 £nil 113,521

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 205

26 Share‑based payments continued

Restricted State Unit (RSU) schemes – equity settled

Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:

•

60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an

average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.

Between these two points, vesting is determined on a straight-line basis.

•

30% will vest based on achieving a cash conversion ratio¹ expressed as a percentage over the measurement period of greater than

70% per annum on average. If cash conversion¹ is greater than or equal to 80% per annum, then 100% of the award element will

vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,

vesting is determined on a straight-line basis.

•

10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding

investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the

award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median

and upper quartile, vesting is determined on a straight-line basis.

The options are to be settled in equity.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

May 2021 3 years June 2023–August 2023 £0.01 138,554

Restricted Share Plan (RSP) – equity settled

The vesting condition for the award of RSPs relates to colleagues remaining with the Group for a certain period of time, namely two

years to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

May 2021 2/3 years 50% exercisable August 2022 to August 2031,

50% exercisable August 2023 to August 2031

£nil (£0.01 in the US

and Canada) 536,839

November 2021 2/3 years 50% exercisable October 2023 to August 2032,

50% exercisable October 2024 to August 2032

£nil (£0.01 in the US

and Canada) 1,317,181

October 2022 2/3 years 50% exercisable October 2024 to October 2032,

50% exercisable October 2025 to October 2032

£nil (£0.01 in the US

and Canada) 1,139,412

November 2022 2/3 years 50% exercisable November 2024 to November 2032,

50% exercisable November 2025 to November 2032

£nil (£0.01 in the US

and Canada) 30,272

Deferred share scheme – equity settled

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

October 2021 2 years October 2023–October 2031 £nil 91,616

Phantom schemes – cash settled

Phantom schemes are used to allow the grant of LTIPs to members of the Executive Committee based in certain overseas locations at

a time when the Group’s option scheme rules were not structured to allow overseas grants. Options granted on or after September 2019

do not have any performance criteria.

Date of grant

Expected term

of options

Exercisable

between

Exercise

price

2023

Number

outstanding

September 2019 3 years September 2022–September 2023 £nil 22,345

July 2021 3 years August 2022–July 2031 £nil 15,500

November 2021 3 years October 2023–November 2031 £nil 15,500

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023206

Notes to the Financial Statements continued

at 31 May 2023

26 Share‑based payments continued

Measurement of fair values

The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date

of grant. The fair value is spread over the period during which the colleague becomes unconditionally entitled to the award, adjusted

to reflect actual and expected levels of vesting.

The assumptions used in the models are illustrated in the tables below:

Scheme Grant date

Expected

volatility

Option

expected term

Risk free

interest rate

CSOP scheme August 2018–September 2019 48.0%–52.8% 7 years 0.35%–2.00%

Sharesave scheme March 2019–May 2023 39.7%–55.7% 3 years 0.13%–2.20%

ESPP scheme May 2022–May 2023 53.8%–55.7% 1 year 1.15%–2.20%

Special Award (CEO) September 2022 n/a 2 years n/a

ISO scheme September 2019 77.0% 7 years 0.38%

LTIP scheme September 2019–November 2022 37.2%–55.5% 3 years 0.21%–2.00%

RSU scheme May 2021 42.3% 3 years 0.32%

RSP scheme May 2021–November 2022 n/a 10 years n/a

Deferred shares October 2021 56.0% 2 years 0.35%

Phantom schemes September 2019–November 2021 52.8%–55.5% 3 years 1.81–1.96%

Scheme Grant date

Fair value at

measurement date

Weighted average

fair value at

measurement date

Exercise

price

Weighted average

exercise value at

measurement date

CSOP scheme August 2018–September 2019 £0.55–£0.63 £0.55 £1.79–£2.20 £1.80

Sharesave scheme March 2019–May 2023 £0.39–£0.86 £0.59 £0.99–£2.15 £1.52

ESPP scheme May 2022–May 2023 £0.30–£0.55 £0.30 £1.26–£1.58 £1.26

Special Award (CEO) September 2022 £2.30 £2.30 £2.30 £2.30

ISO scheme September 2019 £0.54 £0.54 £1.82 £1.82

LTIP scheme September 2019–November 2022 £1.61–£2.87 £2.19 £nil £nil

RSU scheme May 2021 £2.87 £2.87 £0.01 £0.01

RSP scheme May 2021–November 2022 £1.93–£2.85 £2.28 £nil £nil

Deferred shares October 2021 £2.47 £2.47 £nil £nil

Phantom schemes September 2019–November 2021 £1.84–£2.87 £2.44 £nil £nil

The expected volatility has been based on an evaluation of the historical volatility of the Company’s share price, particularly over

the historical period commensurate with the expected term. The expected term of the instruments has been based on historical

experience and general option holder behaviour. For the options granted in the year ended 31 May 2023, dividend yield assumed

at the time of option grant is 1.75% (2022: 1.75%).

Reconciliation of outstanding share options

The options outstanding at 31 May 2023 have an exercise price in the range of £nil to £2.15 (2022: £nil to £2.15) and a weighted

average contractual life of three years (2022: three years).

The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share

awards during the year:

2023

Number

’000

2023

WAEP

2022

Number

’000

2022

WAEP

Outstanding at 1 June 11,431 £0.68 9,494 £0.79

Granted during the year 5,114 £0.55 5,605 £0.75

Exercised during the year (1,488) £0.10 (1,028) £0.89

Forfeited in the year (3,837) £0.96 (2,640) £1.39

Outstanding at 31 May 11,220 £0.61 11,431 £0.68

Exercisable at end of year 1,598 £1.00 119 £1.00

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 207

26 Share‑based payments continued

Reconciliation of outstanding share options continued

Scheme

Number of

instruments

as at

1 June 2022

Instruments

granted

during

the year

Options

exercised in

the year

Forfeitures

in the year

Number of

instruments

as at

31 May 2023

CSOP schemes 324,001 5,586 (11,172) (33,517) 284,898

Sharesave/SAYE schemes 3,714,713 1,593,682 (111,399) (1,684,192) 3,512,804

ESPP schemes 506,218 604,321 — (506,218) 604,321

Special Award — 222,222 — — 222,222

ISO schemes 60,434 — — (10,988) 49,446

LTIP schemes 3,203,721 1,411,193 (528,618) (8 47,103) 3,239,193

RSU schemes 748,711 — (362,003) (248,154) 138,554

RSP scheme 2,734,411 1,233,252 (448,542) (495,417) 3,023,704

Deferred shares 110,553 — (18,937) — 91,616

Phantom schemes 27, 931 43,673 (7,0 86) (11,173) 53,345

11,430,693 5,113,929 (1,487,757) (3,836,762) 11,220,103

The liability for the cash settled share-based payments at 31 May 2023 was £nil (2022: £0.5m).

27 Called up share capital and reserves

Allotted, called up and fully paid

2023

Number

of shares

2022

Number

of shares

2023

£m

2022

£m

Ordinary shares of 1p each at the beginning of the year 309,967,243 308,956,045 3.1 3.1

Ordinary shares of 1p each issued in the year 2,161,649 1,011,198 — —

Ordinary shares of 1p each at the end of the year 312,128,892 309,967,243 3.1 3.1

During the year, 2,161,649 (2022: 1,011,198) new ordinary shares of 1p were issued as a result of the exercise of share options.

The proceeds of £0.1m (2022: £0.8m) were credited to the share premium account.

As at 31 May 2023, 868,800 shares were held in treasury (2022: nil).

Share premium

The share premium account records the difference between the nominal amount of shares issued and the fair value of the

consideration received. The share premium account may be used for certain purposes specified by UK law, including to write

off expenses incurred on any issue of shares and to pay fully paid bonus shares. The share premium account is not distributable

but may be reduced by special resolution of the Company’s ordinary shareholders and with court approval.

Hedging reserve

The hedging reserve comprises the effective portion of the cumulative net change in the fair value of hedging instruments used

in cash flow hedges pending subsequent recognition in profit or loss or directly included in the initial cost or other carrying amount

of a non-financial asset or non-financial liability. The reserve is £nil at 31 May 2023 as the hedging instrument has now expired.

Merger reserve

The merger reserve arose in 2015 from the acquisition of Accumuli plc through a share-for-share exchange in part consideration

for the business.

Currency translation reserve

The results of overseas operations are translated at the average foreign exchange rates for the year, and their balance sheets are translated

at the rates prevailing at the Balance Sheet date. Exchange differences arising on the translation of opening net assets and results of

overseas operations are recognised in the currency translation reserve. All other exchange differences are included in the Income Statement.

Retained earnings

Retained earnings for the Group are made up of accumulated reserves.

For the Company, retained earnings are made up of accumulated reserves and are considered distributable reserves.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023208

Notes to the Financial Statements continued

at 31 May 2023

28 Profit attributable to members of the Parent Company

The profit for the year dealt with in the accounts of the Parent Company was £17.5m (2022: £20.0m).

29 Other financial commitments

Non-cancellable lease rental costs are payable as follows:

2023 2022

Land and

buildings

£m

Other

£m

Land and

buildings

£m

Other

£m

Within one year or less — — — 0.1

The lease commitments disclosed above represent short-term (less than one year) leases only, for which the Group has taken

the exemption from accounting for under IFRS 16.

30 Contingencies

There are no contingent liabilities not provided for at the end of the financial year (2022: £nil). Similarly, there are no contingent assets

(2022: £nil).

31 Pension scheme

The Group operates a defined contribution pension scheme that is open to all eligible colleagues. The pension cost charge for

the year represents contributions payable by the Group to the fund and amounted to £6.3m (2022: £5.1m).

For the Company, the pension cost charge for the year represents contributions payable by the Company to the fund and amounted

to £nil (2022: £nil).

32 Related party transactions

Management has defined that related party transactions are that with key management personnel members only.

Key management personnel have been assessed to be the Group’s Board of Directors. During the year ended 31 May 2023 there

were nine (2022: seven) key management personnel. The compensation paid or payable to key management for employee services

is shown below:

Group

2023

£m

Group

2022 *

£m

Company

2023

£m

Company

2022

£m

Salary costs (including bonus) 1.8 1.5 — —

Social security costs 0.3 0.3 — —

Pension costs — — — —

Share-based payments 0.2 0.4

Total 2.3 2.2 — —

* Represented to present social security costs separate from salary costs.

There were no other related party transactions identified during the year.

33 Investments in subsidiary undertakings

Company

Shares in Group

undertakings

£m

At 1 June 2021 151.8

Increase in subsidiary investment for share-based charges 3.9

Investment in subsidiary undertakings 121.2

At 31 May 2022 276.9

Increase in subsidiary investment for share-based charges 2.2

At 31 May 2023 279.1

On 26 May 2022, the Company acquired 121,205,727 ordinary shares of £0.01 in NCC Group Holdings Limited for a consideration

of £121,205,727 and was settled through an intercompany loan.

The increase in subsidiary investment for share-based charges represents IFRS 2 ‘Share-based Payments’ charges in respect

of subsidiaries which will not be recharged.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 209

33 Investments in subsidiary undertakings continued

Fixed asset investments are recognised at cost.

The undertakings in which the Company has a 100% interest at 31 May 2023 are as follows:

Subsidiary undertakings Country of incorporation Principal activity Registered office

NCC Group Holdings Limited England and Wales Holding company XYZ Building, 2 Hardman

Boulevard, Spinningfields,

Manchester M3 3AQ (XYZ

)

NCC Group (Solutions) Limited England and Wales Holding company XYZ

NCC Group Corporate Limited England and Wales Corporate cost centre XYZ

NCC Group Finance Limited England and Wales Financing company XYZ

The National Computing Centre Limited England and Wales Dormant XYZ

NCC Group Software Resilience Limited England and Wales Holding company XYZ

NCC Group Software Resilience (UK) Limited England and Wales Holding company XYZ

NCC Services Limited England and Wales Software Resilience XYZ

NCC Group Escrow Limited England and Wales Dormant XYZ

NCC Group Software Resilience (Europe) BV Netherlands Holding company Barbara Strozzilaan 101, 1083HN

Amsterdam, Netherlands

NCC Group GmbH Germany Software Resilience c/o Deloitte Legal

Rechtsanwaltsgesellschaft mbH,

Rosenheimer Platz 6, 81669,

Munich, Bavaria, Germany

NCC Group Deutschland GmbH Germany Cyber Security

Leopoldstrasse Business Centre

GmbH, Konrad-Zuse-Platz 8,

81829, Munich, Germany

NCC Group Escrow Europe BV Netherlands Software Resilience Barbara Strozzilaan 101, 1083HN

Amsterdam, Netherlands

NCC Group Escrow Europe (Switzerland) AG Switzerland Software Resilience Ibelweg 18A, 6300 Zug,

Switzerland

NCC Group Software Resilience (MEA-APAC) Limited England and Wales Holding company XYZ

NCC Group FZ-LLC United Arab Emirates Software Resilience Dquarters, Building 16, unit EO30,

DIC5, Dubai Internet City, Dubai,

United Arab Emirates

NCC Group Cyber Security Limited England and Wales Holding company XYZ

NCC Group Cyber Security (UK) Limited England and Wales Holding company XYZ

NCC Group Security Services Limited England and Wales Cyber Security

XYZ

NCC Group Audit Limited England and Wales Cyber Security

XYZ

ArmstrongAdams Limited England and Wales Cyber Security

XYZ

NCC Group Signify Solutions Limited England and Wales Cyber Security

XYZ

NCC Group Accumuli Security Limited England and Wales Cyber Security

XYZ

NCC Group Cyber Security (Europe) BV Netherlands Holding company Fox-IT

NCC Group A/S Denmark Cyber Security

Lautruphøj 1, 2750 Ballerup,

Denmark

NCC Group Cyber Portuguesa, Unipessoal, LDA Portugal Cyber Security

Av. António Augusto de Aguiar

nº 19 – 4º, 1050-012 Lisboa,

Portugal

NCC Group Security Services Espana SLU Spain Cyber Security

Plaza Manuel Gómez Moreno,

número 2, Edificio Alfredo Mahou,

planta 19ª, letra B, 28020,

Madrid, Spain

Cyber Security Sweden AB Sweden Cyber Security

c/o Advokatfirman Delphi,

P.O. Box 1432, 111 84 Stockholm

Fox-IT Holding B.V. Netherlands Holding company Olof Palmestraat 6, 2616 LM Delft,

Netherlands (Fox-IT

)

Fox-IT Group B.V. Netherlands Holding company Fox-IT

Fox-IT B.V. Netherlands Cyber Security

Fox-IT

Fox-IT Operations B.V. Netherlands Dormant Fox-IT

Fox Crypto B.V. Netherlands Cyber Security

Fox-IT

NCC Group Cyber Security (APAC) Limited England and Wales Holding company XYZ

NCC Group plc — Annual report and accounts for the year ended 31 May 2023210

Notes to the Financial Statements continued

at 31 May 2023

Subsidiary undertakings Country of incorporation Principal activity Registered office

NCC Group Pte Limited Singapore Cyber Security

Unit #10-09 PLUS Building,

20 Cecil Street, Singapore

(049705)

NCC Group Pty Limited Australia Cyber Security

Suite 23.01, Level 23,

45 Clarence Street, Sydney,

NSW 2000

NCC Group Japan KK Japan Cyber Security

Level 18, Yesibu Garden Place

Tower, 4-20-3 Ebisu Shibuya-Ku,

Tokyo

NCC Group (Americas) Inc. USA Holding company 650 California Street, Suite 2950,

San Francisco, CA 94108, USA

(North America HQ

)

NCC Group, LLC USA Software Resilience

and central/head office

costs

North America HQ

NCC Group Cyber Security (Americas), LLC USA Holding company North America HQ

NCC Group Security Services, Inc. USA Cyber Security

North America HQ

NCC Group Secure Registrar, Inc. USA Domain services North America HQ

NCC Group Domain Services, Inc. USA Domain services North America HQ

NCC Group Security Services Corporation Canada Cyber Security

Suite 2700, The Stack,

1133 Melville St,

Vancouver, BC V6E 4E5

Payment Software Company, Inc. USA Cyber Security

North America HQ

Payment Software Company Limited England and Wales Cyber Security

XYZ

NCC Group Software Resilience (Americas), LLC USA Holding company North America HQ

NCC Group Escrow Associates, LLC USA Software Resilience North America HQ

NCC Group Software Resilience (NA), LLC USA Software Resilience North America HQ

Fox-IT Belgium B.V. Belgium Cyber Security

Silversquare, Antwerp Tower,

Frankrijklei 5, 2000 Antwerp,

Belgium

The undertakings in which the Company holds less than a 100% interest at the year end are as follows:

Undertaking % interest Country of incorporation Principal activity

Deposit AB 24% Sweden Software Resilience

The Directors consider the above ownership structure to give rise to no significant influence over the undertaking. There is no Board

representation, and the Group has no power to participate in the operating and financial policy decisions of the undertaking.

Accordingly, the undertaking of Deposit AB has not been consolidated.

1 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ.

2 650 California Street, Suite 2950, San Francisco, CA 94108, USA.

3 Olof Palmestraat 6, 2616 LM Delft, Netherlands.

4 Formerly Assurance.

33 Investments in subsidiary undertakings continued

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 211

2 Formerly Assurance.

34 Disposals

On 31 December 2022, the Group completed the planned disposal of its DDI business for consideration of £5.8m. Of this amount, £3.8m,

is contingent on the novation of certain customer contracts. The assets and liabilities included as part of the disposal were as follows:

2023

£m

Attributable goodwill (1.0)

Trade and other receivables (1.2)

Trade and other payables 1.2

Net assets disposed of (1.0)

Consideration 5.8

Transaction costs (0.1)

Gain on disposal 4.7

Satisfied by:

Cash and cash equivalents 2.0

Contingent consideration 3.8

Consideration 5.8

35 Acquisitions

Prior period acquisition of IPM business

On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially

all of the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain

exclusively related to the IPM business. The primary reasons for the business combination are to:

•

Scale-up the Group’s core business to create a global business and platform for further growth

•

Generate revenue synergies through allowing the enlarged division to offer NCC Group broader suite of established verification

services as well as the newer Escrow-as-a-Service (EaaS) cloud offering to the IPM business’s existing customer base

•

Present an exciting new opportunity to sell NCC Group Cyber Security

services into the IPM business’s broad and blue-chip

customer base in the medium term

•

Be accretive to earnings per share from completion, even without factoring in revenue synergies

•

Result in greater strategic strength for the future

Management considers shareholder approval of the transaction determines a change in control and therefore the date of shareholder

approval is considered to be the acquisition date for the transaction. Shareholder approval was granted on 1 June 2021 and the IPM

Software Resilience business has been consolidated into the Group results from that date (see Note 3). Transfer of consideration for

the acquisition was made on 7 June 2021, which is commonly referenced within these Financial Statements as being the date of

practical completion of the transaction.

Details of assets acquired that are subject to fair value adjustments are noted below. The acquisition for an original total consideration

of $220.0m was subsequently adjusted during the year ended 31 May 2022 to $216.1m (£152.0m) to reflect a normalised working capital

adjustment of $2.7m and a final positive net working capital adjustment of $1.2m. The acquisition was funded through an equity net placing

of £70.2m ($98.4m) on 17 May 2021 combined with a new three year $70m term loan and the remaining $47.7m funded via existing cash

balances and our revolving credit facility. The term loan was entered into on 12 May 2021 but not drawn down until 2 June 2021.

The fair value of assets and liabilities acquired can be summarised as follows:

Fair value

£m

Identifiable intangible assets: (Note 12):

ustomer relationships 91.4

Computer software 1.2

Right-of-use assets 0.2

Trade and other receivables 3.8

Trade and other payables (0.2)

Deferred income (12.1)

Lease liabilities (0.2)

Deferred tax liability (0.7)

Total identifiable assets acquired, and liabilities assumed 83.4

Goodwill 68.6

Total consideration 152.0

Satisfied by:

Cash 152.0

NCC Group plc — Annual report and accounts for the year ended 31 May 2023212

Notes to the Financial Statements continued

at 31 May 2023

35 Acquisitions continued

Prior period acquisition of IPM business continued

No cash was acquired as part of the acquisition.

Total costs directly attributable to the acquisition of the IPM business totalling £8.5m have been expensed to Individually Significant

Items during the year ended 31 May 2021 (£7.6m) and the year ended 31 May 2022 (£0.9m). Issue costs of £2.4m were incurred as part

of the equity placing and have been debited to the share premium account in the year ended 31 May 2021.

The fair value of the financial assets includes trade receivables with a fair value of £3.8m and a gross contractual value of £5.2m.

The goodwill of £68.6m arising from the acquisition consists of the know-how and expertise of the employees transferred to NCC Group

plc as part of the acquisition, the future economic benefit arising from the aligning of customers’ existing products with the Group’s

products, and it’s fit with existing operations. Goodwill is expected to be deductible for income tax purposes.

There is a contingent consideration arrangement that requires amounts to be repaid to NCC Group plc in the event that certain

customers terminate their contractual agreements as a result of the change in ownership. The fair value of the contingent consideration

potentially due to NCC Group plc is considered to be £nil by management. This fair value was estimated based on comparing the

expected number of customers likely to terminate their contractual arrangements as a result of the change in ownership to the threshold

for repayment to NCC Group plc. On 31 May 2023, no further information has become available that suggests the fair value of this

contingent consideration will be greater than £nil.

During the year ended 31 May 2022, a final working capital adjustment had been agreed with the vendor resulting in an amount of

£0.8m being returned to the Group and giving rise to a decrease in the fair value of consideration of £0.8m to £152.0m. This adjustment

leads to a decrease in goodwill of £0.8m. Additionally, management has identified new information in respect of the opening provision for

expected credit losses and has subsequently decreased the fair value of acquired trade and other receivables by £0.8m to £3.8m.

This adjustment leads to an increase in goodwill of £0.8m. On this basis, goodwill of £68.6m remains unchanged from that reported

for the period ended 30 November 2021.

The IPM business contributed £20.2m of the Group’s revenue, £15.6m to the Group’s gross profit and £8.6m operating profit for the

period between the date of acquisition (1 June 2021) and 31 May 2022.

Measurement of fair values

Assets acquired

Computer software As there is no active market for such bespoke intangible assets a cost approach has been taken to

value computer software acquired based on the cost to recreate the assets. The fair value is based on

the estimated time required by appropriately skilled individuals to recreate such assets.

Customer relationships The valuation approach taken is the income approach, specifically the multi-period excess earnings

method (MEEM). The fundamental principle underlying the MEEM is isolating the net earnings

attributable to the asset being measured. There are three key steps in calculating the MEEM:

1. Projecting financial information including cash flows, revenue, expenses, etc. for the IPM

business acquired.

ubtracting the cash flows attributable to all other assets through a contributory asset charge (CAC).

The CAC is a form of economic rent for the use of all other assets in generating total cash flows that

is composed of the required rate of return on all other assets and an amount necessary to replace

the fair value of certain contributory intangible assets.

3. Calculating the cash flows attributable to the intangible asset subject to valuation and discounting

them to present value. Cash flows are forecast through to FY28 and taken into perpetuity beyond

this date. Cash flow forecasts include a level of growth in revenue in addition to specific growth

synergies expected from the aligning of IPM customers’ existing products with the Group’s products

and IPM’s fit with existing operations. Cash flow forecasts include a level of customer attrition based

on historical experience of IPM customer termination rates.

Both the amount and the duration of the cash flows are considered from a market participant’s perspective.

Lease liabilities The Group measured the acquired lease liabilities using the present value of the remaining lease

payments at the date of acquisition.

Right-of-use assets The right-of-use assets were measured at an amount equal to the lease liabilities. No significant

judgements have been identified as part of this assessment.

Deferred income The fair value of the deferred revenue liability has been calculated using a top-down approach.

This approach relies on market indicators of expected revenue for any obligation yet to be delivered

with appropriate adjustments. This approach starts with the amount that an entity would receive in

a transaction, less the cost of the selling effort (which has already been performed) including a profit

margin on that selling effort.

Financial statements

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 213

35 Acquisitions continued

Measurement of fair values continued

The valuation of purchase price accounting is a key source of estimation uncertainty, in which there are several key assumptions

where, if a reasonably possible change in assumption is made, this could result in a material adjustment.

A description of the key assumptions and possible sensitivities are provided below:

Description of key assumption Reasonably possible scenario Impact

The valuation of the customer relationships

intangible asset of £91.4m assumes a

discount rate of 10.7% driven by the internal

rate of return implied by the consideration

paid for the acquired business.

It is considered reasonably possible

that this discount rate could be 1%

higher or lower depending on the

expected performance of the

business post-acquisition.

The impact of increasing the discount rate by 1%

would be to reduce the value of the customer

relationship intangible asset by £6.0m with a

corresponding increase in the value of goodwill

arising on acquisition. The amortisation on acquired

intangibles charged to the Income Statement for the

year ended 31 May 2022 would reduce by £0.6m.

The impact of decreasing the discount rate by 1%

would be to increase the value of the customer

relationship intangible asset by £6.8m with a

corresponding decrease in the value of goodwill

arising on acquisition. The amortisation on acquired

intangibles charged to the Income Statement for the

year ended 31 May 2022 would increase by £0.6m.

The valuation of the customer relationships

intangible asset of £91.4m includes an

estimate of a level of growth of the revenue

generated from that customer base, post-

acquisition. The forecasts used assume that

revenue (excluding synergies) will increase

incrementally to a maximum of a 3.7% annual

increase in FY25 before returning to levels

more consistent with the US long-term

inflationary growth rate in FY26 and beyond.

It is considered reasonably

possible that this growth rate

does not exceed an inflationary

US long-term inflationary growth

rate of 2%.

The impact of this scenario is to reduce the value

of the customer relationship intangible asset by

£3.1m with a corresponding increase in the value

of goodwill arising on acquisition. The amortisation

on acquired intangibles charged to the Income

Statement for the year ended 31 May 2022 would

reduce by £0.4m.

Prior period acquisition of Adelard business

On 20 April 2022, shareholder approval was passed for the acquisition of substantially all of the assets of Adelard LLP for £3m. This gave

rise to goodwill of £1.1m, intangible assets of £1.3m, right of use assets of £0.2m, trade receivables and other receivables of £0.9m and

current liabilities of £0.5m.

Consideration payable of £3.0m is represented by £1.0m cash paid on completion and a further contingent consideration (dependent

on novation of contracts and FY23 revenue performance) of £1.9m (discounted). At 31 May 2023, a further £1.0m cash consideration

had been paid following the successful novation of certain sales contracts.

Adelard is a Cyber Security

expert in high value critical systems for national and industrial infrastructure and its services

are complementary to the Group.

36 Post balance sheet events

In line with the Group’s next chapter strategy, during September 2023, the Group issued external marketing material to potentially

dispose of an element of the Europe Cyber Security

CGU as it is considered non-core to the Group.

37 Audit exemption

The subsidiary undertakings listed below are exempt from the Companies Act 2006 requirements relating to the audit of their

individual accounts by virtue of Section 479A of the Act as this company has guaranteed the subsidiary company under Section 479C

of the Act.

Company name Principal activity

Payment Software Company Limited 10059024

NCC Group Cyber Security Limited 13287219

NCC Group Cyber Security (UK) Limited 13294277

NCC Group Cyber Security (APAC) Limited 13294684

NCC Group Audit Limited 04323323

NCC Group Signify Solutions Limited 03915262

NCC Group Finance Limited 13350193

The Directors acknowledge their responsibility for complying with the requirements of the Companies Act 2006 with respect to

accounting records and preparation of accounts.

2 Formerly Assurance.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023214

Notes to the Financial Statements continued

at 31 May 2023

Glossary of terms – other terms

Other terms Definition and usage

Code Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how

companies should be governed, applicable to UK-listed companies including NCC Group plc.

Adjusted Any result described as adjusted excludes the impact of Individually Significant Items, and any

tax on any of these items.

Adjusted earnings Adjusted earnings are defined as statutory earnings before amortisation of acquisition

intangibles, Individually Significant Items and the share-based payments charge, net of the

tax effect of these items.

Adjusted operating profit margin

Calculated as Adjusted operating profit divided by revenue from continuing activities.

AGM Annual General Meeting of shareholders of the Company held each year to consider ordinary

and special business as provided in the Notice of AGM.

Alternative Performance Measure

(APM)

An Alternative Performance Measure (which is denoted in each case or use thereof

by a footnote) is a non-GAAP performance metric used by management either internally

or externally to present management’s view of the underlying business performance.

They are not superior to GAAP-based measures and are simply an alternative way of looking

at performance. See Note 3 for further information.

Board The Board of Directors of the Company (for more information see pages 88 and 90).

Cash conversion ratio

Calculated as cash generated from operating activities before interest and taxation divided by

Adjusted EBITDA

, expressed as a percentage.

CDO Cyber Defence Operations.

CEO Chief Executive Officer.

CFO Chief Financial Officer.

CISO Chief Information Security Officer.

Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual

Company, or to NCC Group plc and its subsidiaries collectively.

CPO Chief People Officer.

CTO Chief Technology Officer.

Directors, Executive Directors and

Non-Executive Directors

The Directors/Executive Directors and Non-Executive Directors of the Company whose names

are set out on pages 88 and 90 of this report.

EBIT Earnings before interest and tax.

EBIT margin % EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue.

EBITDA Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit

before Individually Significant Items and adding back depreciation and amortisation charged.

EBITDA margin % EBITDA divided by revenue.

EPS Earnings per share. Profit for the year attributable to equity shareholders of the Parent

allocated to each ordinary share.

FCA Financial Conduct Authority.

Financial year For NCC Group this is an accounting year ending on 31 May.

FRC Financial Reporting Council.

Free cash flow Net cash from operating activities less net capital expenditure and acquisition costs.

FRS A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC).

FVLCTS Fair value less costs to sell.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 215

Additional information

Other terms Definition and usage

Gross profit Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads

that are supporting the business as a whole as opposed to a specific revenue item.

Gross margin %/GM % Calculated as gross profit divided by revenue from continuing activities.

HMRC His Majesty’s Revenue & Customs, the tax collecting authority of the UK.

IAS or IFRS An International Accounting Standard or International Financial Reporting Standard, as issued

by the International Accounting Standards Board (IASB). IFRS is also used as the term to

describe international generally accepted accounting principles as a whole.

Individually Significant Items Items that the Directors consider to be material in nature, scale or frequency of occurrence

that need to be excluded when calculating some non-statutory performance measures in

order to allow users of the Financial Statements to gain a full understanding of the underlying

business performance. See Note 5 for further information.

KPMG The Company’s external auditor, KPMG LLP.

LTIP Long Term Incentive Plan established to align the interests of senior and executive

management with those of shareholders. The plan is formally known as the NCC Group Long

Term Incentive Plan 2013 (approved by shareholders in 2013).

MD Managing Director.

MDR Managed Detection and Response.

Net debt

Total borrowings offset by cash and cash equivalents.

Ordinary shares Voting shares entitling the holder to part ownership of a company.

SAYE/Sharesave Save As You Earn, being a tax efficient scheme to encourage colleague share ownership.

Software Resilience Software Resilience represents our escrow resilience services.

Subsidiary A company or other entity that is controlled by NCC Group.

TSC Technical Security Consulting.

TSR Total shareholder return, which is share price growth plus dividends reinvested (where

applicable) over a specified period of time, divided by the share price at the start of the period.

1 Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease

liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.

Glossary of terms – other terms continued

NCC Group plc — Annual report and accounts for the year ended 31 May 2023216

Other information

Directors

Chris Stone – Non-Executive Chair

Mike Maddison – Chief Executive Officer

Guy Ellis – Chief Financial Officer

Chris Batterham – Independent Non-Executive Director

Julie Chakraverty – Senior Independent Non-Executive Director

Jennifer Duvalier – Independent Non-Executive Director

Mike Ettling – Independent Non-Executive Director

Lynn Fordham – Independent Non-Executive Director

Company Secretary

Jonathan Williams

Registered Group and Company head office

XYZ Building

2 Hardman Boulevard

Spinningfields

Manchester

M3 3AQ

Registered number

4627044

Registered in England and Wales

Joint brokers and corporate finance advisers

Jefferies International Limited

100 Bishopsgate

London

EC2N 4JL

Peel Hunt LLP

Moor House

120 London Wall

London

EC2Y 5ET

Auditor

KPMG LLP

1 St Peter’s Square

Manchester

M2 3AE

Solicitors

DLA Piper UK LLP

1 St Peter’s Square

Manchester

M2 3DE

Registrar

Equiniti

Aspect House

Spencer Road

Lancing

West Sussex

BN99 6DA

Bankers

HSBC UK Bank plc

2nd Floor

4 Hardman Square

Spinningfields

Manchester

M3 3EB

National Westminster Bank plc

1 Hardman Boulevard

Manchester

M3 3AQ

ING Bank N.V. London Branch

8–10 Moorgate

London

EC2R 6DA

Fifth Third Bank

National Association

38 Fountain Square Plaza

Cincinnati

OH 45263

NCC Group plc — Annual report and accounts for the year ended 31 May 2023 217

Additional information

Financial calendar

Ex-dividend date 9 November 2023

Record date 10 November 2023

AGM 30 November 2023

Dividend payment date 8 December 2023

2024 half year end 30 November 2023

2024 interim statement 1 February 2024

2024 year end 31 May 2024

2024 year end trading pre-close statement June 2024

2024 preliminary year end statement September 2024

These dates are provisional and may be subject to change.

NCC Group plc — Annual report and accounts for the year ended 31 May 2023218

NCC Group plc’s commitment to environmental issues is reflected in

this Annual Report, which has been printed on Magno Satin, an FSC

certified material.

This document was printed by Geoff Neal using its environmental print

technology, which minimises the impact of printing on the environment,

with 99% of dry waste diverted from landfill. Both the printer and the

paper mill are registered to ISO 14001.

FSC to be supplied

NCC Group plc Annual report and accounts for the year ended 31 May 2023