Risk Area Risk Management Strategy

Regulatory changes

Changes to funding and government policies and

regulations may have a material adverse impact

on the financial and operational performance of the

Company including the deregulation of MRIs which

may remove significant barriers to entry into the

diagnostic imaging market.

$$

Regular monitoring of funding and regulatory changes and

industry developments.

$$

Membership of$,$ and participation in$,$ the Australian Diagnostic

Imaging Association.

$$

Membership of$,$ and participation in$,$ the Royal Australian New Zealand

College of Radiologists.

Maintaining strong referrer relationships

The risk of a material loss of$,$ or lack of growth

in$,$ referrals to IDX would impact financial and

operational performance of the Company.

$$

Maintenance of existing relationships across IDX$$s referrer network

through a process of continuous engagement.

$$

Continuous investment in new technology to enhance access and service

for referrers and patients.

$$

Clinical Leadership Committees in each business unit, supported by local

management to drive clinical governance.

Mergers and acquisitions

It is IDX$$s strategy to drive growth organically

and through mergers and acquisitions $($M&A$).$

This strategy may place significant demands

on management, resources, internal controls

and systems, resulting in the failure to

realise anticipated benefits or effectively

integrate acquisitions.

$$

Program of oversight for M&A activity, due diligence and integration.

$$

Detailed due diligence processes and procedures, including the

development of integration and resourcing plans.

$$

Engagement of external advisors to assist in identifying risks, challenges

and opportunities of acquisitions.

Contracts and service agreements

Contracts and service agreements may be

breached, terminated or not renewed resulting in

loss of revenue and operating profit.

$$

Regular review of all IDX contracts for completeness of information,

renewal dates, contract owners and performance against SLA$$s$.$

$$

Maintenance of a digital contract database which sends automatic

reminders to contract owners about contract milestones including

expiry dates.

Clinical risk management

The risk of patient harm due to human error or a

lack of effective clinical governance and processes.

$$

ICLC manages and advises on clinical governance matters, including

patient care, clinical standards and quality assurance.

$$

Consistent clinical risk and incident reporting processes in place across

the Company and business units, to review incident data and resulting

recommendations at all management levels, through to the ARCC and

the Board.

$$

Chief Medical Officer $($CMO$)$ further strengthens focus on clinical

governance within IDX.

$$

Maintenance of appropriate insurance arrangements, including in relation

to medical malpractice.

$$

Radiologist peer review systems in place.

Privacy and confidentiality

The Company relies on secure processing,

transmission and storage of confidential, proprietary

and other information in its IT infrastructure.

The loss or misuse of personal information, or

inadequate and insecure data protection and privacy

protocols, may result in a breach of a patient or

referrer privacy and confidentiality.

$$

Consistent privacy policies and practices in place across the Company that

have been reviewed by external privacy experts for compliance with the

required laws in Australia and New Zealand.

$$

Provision of training for staff.

$$

Cyber security and IT infrastructure controls in place and

continually reviewed.

Integral Diagnostics Annual Report $202331$

Risk Area Risk Management Strategy

Cyber security

The risk of a material cyber security event, data

breach or attack on IDX, or the inability of IDX

to respond to the continually evolving threats

affecting its operations and involving significant

remediation resources.

$$

Provision of cyber security training including phishing training and

simulations for staff.

$$

Ongoing penetration testing by an external party to review protections

against increasing threats.

$$

Regular meetings of Cyber Security Steering Committee.

$$

Alignment of the Company$$s cyber security framework and controls to

industry standards, including annual cyber maturity assessments.

$$

Business continuity and disaster recovery plans in place including data

breach simulations held with senior leaders and the Board.

Attraction and retention of talent

The risk of an inability to attract and retain

quality radiologists, management and staff due

to competition across the market, geographical

location of some sites or other factors.

$$

Investment in employee engagement, professional development and

culture building activities across IDX.

$$

Implementation of a Leadership Capability Framework and a Performance

and Development Framework.

$$

Targeted recruitment campaigns both locally and overseas.

$$

Provision of People and