Existing controls

Ø Transformation programme office

Ø Global learning platform (GLP) and the enabling

programme (TEP) are standing Audit Committee

agenda items. See 'Governance' p76-77

Ø Regular updates with Pearson Executive

Ø Executive owned Steering Committees in place

Ø Independent assurance on key programmes

Outcome of 2017 activities: In 2017, we continued to invest in the digital

transformation and simplification of the company. The volume and accelerated pace of change combined with execution interdependencies as we go into 2018 are keeping this our highest rated (and slightly increased) risk. We also have capabilities we need to continue to develop internally to deliver transformation and change (See Talent risk on p52).

The £300m 2017-2019 cost efficiency programme remains on track to achieve its targets. Following the planning phase culminating in the August 2017 announcement, the programme transitioned to implementation.

HR Fusion, part of TEP, successfully went live in the US in June 2017. Significant progress was also made regarding data governance as our quality focus and scope expanded in 2017 to global data. We now have a much more top-down view of product data, moving on to sales, marketing, rights and royalties and fulfilment. We also started putting in place

customer data governance.

2018 outlook and plans : Business transformation and change initiatives will continue to support our strategic goals to accelerate our digital transition in higher education, to manage the print decline, and to reshape our portfolio,

as outlined by our Chief Executive on p8-10 and

covered in more detail under our strategy in action

on p41-21.

In 2018, we will continue with the development of the GLP, a single, cloud-based platform to support learners and our digital transformation, as well as the next phase of TEP to further progress the simplification of our business. Both programmes will continue to be closely monitored by the Audit Committee at each meeting (you can read more

about their oversight of key programmes in the report from the Chair of the Audit Committee on p76-77).

Successful execution of all our change programmes in 2018 will depend on having the right change management skills (see also Talent risk on p52).

The focus on data quality in 2018 will be supporting the TEP North America implementation. In addition, the new EU data privacy law, the General Data Protection Regulation (GDPR) which will apply from May 2018 and spans all our underlying systems, is a priority.

Existing controls

Ø Global product lifecycle process

Ø Portfolio management

Ø Audit Committee oversight of GLP

Outcome of 2017 activities: Successfully managing this risk underpins two of our key strategic priorities - growing our market share through digital transformation plus investing in structural growth opportunities (see p14-17).

The likelihood of this risk occurring reduced in 2017 due to the progress we've made towards implementing portfolio management practices and strategic investment recommendations, as well as on pricing strategy and governance in US higher education courseware.

In 2017, we progressed our understanding of the competitive and structural threats, especially to our courseware business in terms of general and student buying behaviour and have taken steps to mitigate these. For example, we are making good progress in shifting the business from ownership to

'pay for use', we reduced the price of a number of eBook rentals and also launched a print rental programme to give greater convenience and value to students.

2018 outlook and plans: Turning this risk into an opportunity -successfully accelerating our shift to digital as well as investing in and delivering the right products and services - is as key to successful business performance in 2018 as it was in 2017. A new Chief Strategy Officer joined at the start of 2018 see p63.

We will continue to improve the US higher education courseware integrated business strategy, product lifecycle and governance, as well as pricing strategy. In addition to the development of GLP, we are investing in other innovations, such as Artificial Intelligence, to ensure our products stay relevant and to become more agile in our delivery. We are

also prioritising investment in our fastest growing businesses across Pearson. See p16-17 in Strategy in action.

Market research and analysis activity across Pearson was centralised into one Global Insights team in January 2018. Their remit is to develop customer insights to inform portfolio, product, channel and business strategy.

Existing controls

Ø Consistent performance, talent and succession

             management processes

Ø Employee policies including the Code of Conduct

(see p27 in Sustainability)

Ø Employee engagement forums and action plans

Ø Turnover data monitored on a monthly basis

Ø Exit interviews conducted and monitored globally

to identify any trends and concerns

Ø Learning programmes now offered on a single

platform for all staff (Pearson U)

Ø Revamped external careers website and talent

acquisition approach to improve attraction of

digital skills

Ø Wide range of employee benefits

Outcome of 2017 activities: The likelihood of this risk occurring has reduced due to the mitigation activities successfully implemented in 2017. However, talent remains an ongoing priority for the company, with a focus on building the talent needed to deliver the business strategy for 2020 especially in key areas such as digital and change management skills.

Work was undertaken to ensure we have clarity on the key capabilities required to achieve our 2020 goals, using this to support learning and development, assessment, development and talent attraction.

Throughout 2017, there was a strong focus on leadership communication of the Pearson strategy, as well as increased visibility of the Pearson Executive and leadership teams.

Employee engagement action plans communicated across Pearson and the Executive are reporting progress to the Board on a quarterly basis. Highlights from these plans are listed on p27 in the Sustainability section.

An organisational health survey was conducted, and results and action plan shared in Q4.

Our platform for learning and development was upgraded in 2017, increasing accessibility to learning and development solutions and greater flexibility in goal-setting. Academies were also launched for leadership teams as well as Technology, Product, Marketing and Finance. These aim to increase both our capabilities and retention.

2018 outlook and plans: Pearson will implement further programmes to improve connection with the Pearson strategy, and to increase engagement and organisational health.

In order to build the talent we need to deliver the 2020 business strategy, there will additional focus on direct sourcing and construction of targeted talent pools to target skills (digital), address succession gaps, and increase diversity in leadership roles. We will also continue to support change activities through Change Leadership training and handbooks.

In 2018, there will be a stronger focus on development planning linked to further roll-out of career workshops. We will expand and upgrade Pearson U learning, launching new Sales Academy and leadership programmes that support succession planning and increase retention. We will also further refine the careers website to increase employee attraction.

The Pearson Executive will maintain their focus in 2018 on talent actions for the senior leadership group and succession through quarterly reviews.

Existing controls

Ø Board and Executive oversight

Ø Government relationship teams

Ø EU referendum Steering Committee

Outcome of 2017 activities: Although there has been no overall change in the risk rating, significant work has been done to ensure we can more proactively identify and mitigate political and regulatory risk.

Over the last two years, there has been a specific focus on leveraging resources across the US and UK to build global political/regulatory relationships, and an international political profile in order to understand future international risks and

proactively mitigate them.

In the UK, 2017 was the year that GCSEs began their changeover from grades A*-G to 9-1 with English and

Maths. Our focus was on working with government, regulator and other awarding organisations to demonstrate the professionalism and solidity of the system, which resulted in a stable set of results.

In the US, we continued to implement our ten priority state strategy engaging with new and existing office holders in key states and worked to shape the state and federal regulatory and legislative environment in favour of Pearson strengths. This work focused on Pearson solutions

to affordability and access with stakeholders in Congress, the Administration and priority state capitals.

The full impact of the UK's pending departure from the EU is still unclear, but we remain vigilant to potentially material risks for Pearson. Work continued throughout 2017 (led by a Steering Committee chaired by the CFO) to identify and

mitigate any potential impacts on our principal risks below, such as treasury, tax or data privacy, or on other areas such as UK-EU supply chain and workforce mobility, including in the event of a 'no deal' exit scenario. We continue to believe that Brexit, in whatever form it takes, will not have a material adverse impact on Pearson.

2018 outlook and plans: Pearson will continue to position itself as a leader in the education space, an innovator in higher education and establish the company as a key engine in workforce development and economic growth. We are also driving opportunities to engage directly with other businesses.

In the UK, there is ongoing concern about the amount of testing (and the sheer difficulty of the new tests) in primary schools. As a test administrator, we are mitigating this through a stakeholder outreach programme on assessment.

In addition:

Ø The new 9-1 GCSEs will be awarded in almost

all subjects

Ø Technical education: as the government becomes

more clear about the role of T Levels we will need

ongoing government relations, media and thought

leadership work.

Across our educational markets in 2018, we believe the trend for more intrusive and voluminous regulation in our sector will continue. We will continue our work from 2016 and 2017 to mitigate this.

We will continue to assess the potential impacts of the UK's decision to leave the EU as the model that will replace our membership becomes clearer.

Existing controls

We seek to minimise the risk of a breakdown in our student marking systems with the use of:

Ø Robust quality assurance procedures and controls

Ø Oversight of contract performance Investment in technology, project management and skills development of our people, including software security controls, system monitoring, pre- deployment testing, change controls and the use of root cause analysis procedures to learn from incidents and prevent recurrence

Ø Use of Amazon Web Services (AWS) in Clinical and Schools

Ø IBM counter-fraud tool.

Outcome of 2017 activities: Pearson is an education content, assessment and related services company and, as such, managing this risk remains a priority.

In the US, the majority of student testing is now conducted via AWS, resulting in improved availability and stability.

In the UK, we successfully delivered the UK summer

exam series in 2017 to a high standard of quality.

2018 outlook and plans: The drive to continue improvements to availability and stability of testing systems continues. The migration and retirement of legacy systems in use will continue.

Given the high stakes nature of the UK testing business, there remains a risk of breaches of security either as a result of error or of a malicious nature. We are reviewing what additional measures we can put in place for 2018 to further mitigate against potential question paper security breaches.

The plan to upgrade Pearson's bespoke online marking system - ePEN - in the UK will continue throughout 2018 with full implementation due by the end of 2019, taking into account the complexity of our systems as well as external marking contract obligations.

Clinical's Q-global will be moving to AWS in Q1 of 2018. Additional technology stack updates will be implemented during 2018 to address 2017 issues.

Existing controls

Ø Global health and safety (H&S) team

Ø Global policy and standards

Ø Global assurance and incident reporting system

Ø Audit programme

Ø Regional training

Outcome of 2017 activities: The likelihood of this risk occurring has decreased as a result of the outcomes of the following:

Ø Overall implementation status of Pearson's H&S

minimum standards continues to improve globally

Ø The 2017 global H&S audit programme was

completed across a wide range of our locations

Ø Our global H&S coordinator role has been

formalised with a new terms of reference

Ø The global H&S team became a registered centre

to teach the globally recognised Institution of

Occupational Safety and Health (IOSH), Managing

Safely course

Ø A completely revised global H&S Policy (with

improved governance and responsibilities) and

standards have been developed, which now

include good practice goals, recognising the

H&S maturity in many of our key markets

Ø Good progress was made across our

15-17 H&S Strategy.

2018 outlook and plans:

Ø Implement the new global H&S Policy and

standards and continue to improve the application of our H&S standards

Ø Refine and Implement a new 18-20 H&S Strategy

Ø Deliver the IOSH Managing Safely course to our

global H&S coordinators

Ø Review our H&S systems to ensure they continually evolve to reflect our changing business

Ø Enhance our global assurance programme to not

only provide risk-based auditing of key locations,

but to also include advisory reviews and focused

risk-based H&S Projects

Ø Continue to evolve our key risk reduction programmes covering:

- Ergonomics

- Occupational Road Risk

- Occupational health risk management

and wellbeing.

Existing controls

Ø Safeguarding policy

Ø Internal procedures and controls

Ø Staff Code of Conduct

Ø Third-party risk management policy

Ø Safeguarding Steering Committee

Ø Local safeguarding coordinators

Outcome of 2017 activities: We continue to view safeguarding as a fundamental obligation to our learners and a high priority. Although the risk has been reduced due to our disposal of the majority of our direct delivery businesses, we are exposed to greater online risk as we move to more digital services. There is never a zero risk of a safeguarding incident and organisations should always challenge themselves and look to improve their practice. Hence the overall risk remains the same.

An exercise was conducted to test the response of selected businesses to an online safeguarding issue regarding a member of staff, the results of which were used to further refine training and awareness, ready for implementation in 2018.

A sexual harassment policy for our further education business has been developed and currently training is being produced to support its implementation in Q2 2018.

2018 outlook and plans: We will continue to develop and question our practices around safeguarding in 2018, with a focus on ongoing training and awareness across the business, especially with regard to online safeguarding.

We will also further refine our safeguarding metrics and the system used for reporting, as well as developing and implementing a system for external validation of our safeguarding practice.

Existing controls

Ø Real-time monitoring of systems (for service

disruptions) and reporting of operational

performance used to identify issues

Ø Project management disciplines in place to

ensure enhancements and new products

meet required standards

Outcome of 2017 activities: Managing this risk is critical to achieving our

strategic goal of accelerating our shift to digital products and services, and, crucially, becoming a trusted partner. Therefore this risk remains high, despite the significant improvements in 2017 to our product stability and execution.

Mitigations were put in place to prevent a recurrence of the 2016 back-to-school (BTS) issues experienced by customers. BTS stability in the second half of 2017 was significantly improved, resulting in only a few minor incidents and the highest availability levels seen in the last three years.

Further investment was made in 2017 in our global learning platform (GLP). You can read more on this and how it underpins our strategy and the learning experience in 'Our strategy in action' section on p14-15.

Customer support also improved response times for incoming calls and improved outgoing customer communications during the recent outages.

2018 outlook and plans: In 2018, there will be a continued focus on the performance, stability and usability of all product platforms as well as customer service quality and responsiveness.

Our GLP development, critical to our digital transformation strategy, will continue in 2018, with the first pilots due to go live. This platform will allow us to innovate faster as well as better support our learners.

Existing controls

Ø Security and resilience policies

Ø Security minimum protection standards

Ø Incident management process

Ø Resilience governance Steering Committee

Ø Incident management and DR teams

Ø Global notification and incident reporting tools

Ø ISO audit programme

Ø PQS & VUE - ISO 22301 accredited

Outcome of 2017 activities: There were an increased number of incidents in 2017, which fortunately did not impact Pearson directly.

Ø Continued work across the 'Top 40' locations for planning, testing and response

Ø Increased collaboration across the organisation, improving understanding of current and future risks, particularly regarding incident response and DR planning

Ø Training of global incident management teams for

             different response levels

Ø A mass notification system was deployed in the UK and will be further deployed globally during 2018 in order to better communicate with our staff and confirm their safety during an incident

Ø We strengthened our travel security programme, including greater support provision for higher risk trips

Ø In physical security, the security policy and global property guidelines were released in early 2017,and contain advice and direction for all projects involving the build, refurbishment and disposal of properties. Security reviews in specific locations resulted in a reduction of risks and therefore improvements for staff and learners.

2018 outlook and plans: In 2018, we will:

Ø Continue to drive security as a proactive rather than reactive activity, with ongoing physical and travel security reviews

Ø Refine the incident response model towards a broader regional/geographic response

Ø Continue work on the sustainable and data specific roll-out of the Everbridge mass notification system

Ø Mandate travel security training for travel to high risk countries (due for deployment in February)

Ø Work to refine DR planning for any legacy systems and applications, as well as our support of the GLP, TEP and the £300m 2017-2019 cost efficiency programmes

Ø Grow our knowledge around cloud-based technologies and implement future digital resilience.

Existing controls

Our tax strategy reflects our business strategy and the locations and financing needs of our operations.

In common with many companies, we seek to manage our tax affairs to protect value for our shareholders, in line with our broader fiduciary duties. We do not seek to avoid tax by the use of 'tax havens' or by transactions that we would not

fully disclose to a tax authority. We are guided by our taxation principles, which include complying with all relevant laws, including claiming available tax incentives and exemptions that are available to all market participants.

Oversight of the tax strategy is within the remit of the Audit Committee, which receives a report and risk deep dive on this topic at least once a year (see p78 for details). The CFO is responsible for tax strategy; the conduct of our tax affairs and the management of tax risk are delegated to a global team of tax professionals.

Outcome of 2017 activities: This risk increased in 2017 due to the US tax reform changes legislated in December and the announcement in November of the European Commission opening decision on the United Kingdom Controlled Foreign Companies exemption [see note 34, contingent liabilities on p175).

In August the Audit Committee received an update on our tax strategy and approved our first tax report which was published in September. A further update was given to the Audit Committee and Board in December mainly focusing on the impact of US tax reform.

US tax reform is not expected to have a material impact on our effective tax rate, however we continue to work through the detail and assess whether any changes to our strategy

are appropriate.

The outcome of Brexit remains insufficiently clear to assess any impact on tax but we continue to monitor.

2018 outlook and plans: We will continue to assess (and implement mitigation plans if required) US legislation changes as well as monitoring potential tax law changes globally, along with Brexit implications and the State Aid situation.

2018 will see the publication of our second tax report.

Media and public scrutiny on tax issues will continue to be actively monitored by group tax and corporate affairs.

Controls

Ø Treasury policy (see note 19 starting on p156)

Ø The treasury strategy and policy is also subject to an Audit Committee risk 'deep dive'. See p78

Outcome of 2017 activities: Overall treasury risk has reduced over 2017 due to a proactive exercise to reduce gross debt and strengthen our balance sheet which has had a direct impact on refinancing, counterparty and interest

rate risk.

Pearson has no debt maturities in 2018. We anticipate that cash from operations, our existing cash balances and cash equivalents, together with availability under our existing credit facility, and cash from operations, will be sufficient to fund

our operations for at least the next 12 months.

Pearson maintains investment grade credit ratings with Moody's and Standard and Poor's which facilitate good access to capital markets. These credit ratings in February 2018 were Baa2 (negative outlook) with Moody's and BBB (negative outlook) with Standard and Poor's. The negative outlooks reflect perceived business risk as the business transforms, particularly in US Higher Education.

See note 19 starting on p156 for more information on credit, counterparty, interest rate and transactional FX activities in 2017.

2018 outlook and plans: In 2018, we will continue to operate in line with our treasury policy. More on this can be found in note 19, starting on p156.

Existing controls

Ø Information Security and Data Privacy Offices

Ø Privacy impact assessment process

Ø Regular audits

Ø Automated tools

Ø Annual data privacy training and awareness week

Ø Risk management framework

Ø Vendor oversight

Ø Audit Committee risk 'deep dive'. See p78

Outcome of 2017 activities: Risks concerning cyber-security and data privacy remain high due to complex external factors.

We now have clarity on the increased regulatory obligations and their impact on Pearson, such as the new EU data privacy law, the General Data Protection Regulation (GDPR) which will apply from May 2018 and introduce more onerous privacy obligations and more stringent penalties for non-compliance. The UK's departure from the EU is also adding another layer of uncertainty with regard to the regulator, and customers are also demanding more from us in terms of data privacy (e.g. GDPR and data sovereignty).

We continued to roll out our GDPR programme in 2017; our work to improve the security of our critical products; as well as our privacy impact assessment process for new vendors and programmes.

Many information security risks previously identified have been addressed, plus there was increased vendor oversight in 2017. However, ongoing assessments uncover new vulnerabilities and risk areas arising from increasingly sophisticated attack strategies, as well as Pearson's ongoing transition to digital products, services and cloud adoption.

In 2017, the information security team focused on an improvement programme for critical applications, core platforms and infrastructure to enable Pearson's digitisation and simplification strategy. In addition, we also instituted a

programme to review our top vendor contracts to ensure they have the most up-to-date data privacy and information security wording and that they align with GDPR where relevant.

2018 outlook and plans: The Data Privacy Office continues to monitor developments relating to the UK's departure from the EU and, where necessary, adapt to any new UK specific privacy developments. As Pearson operates across several EU Member States, we will still need to comply with GDPR when the UK leaves the EU.

The information security team will continue to drive security maturity (and also thus security compliance to GDPR, PCI, HIPAA, FERPA and other regulatory requirements). A new risk management tool has been deployed so that security risk accountability can be cascaded effectively.

We are conducting an inventory of what personal and other sensitive data we hold and where in the organisation to better focus our resources and attention.

Joint data privacy and information security activities to build security and privacy controls into the design critical products (including the new global learning platform) will continue.

Increased vendor oversight is a critical initiative for security and broad compliance.

Existing controls

Ø Policies in place to manage and protect our IP

Ø Global trademark monitoring platform

Ø Cooperation with trade associations

Ø Monitoring of technology and legal advances

Ø Patent programme in place

Ø Establishment of Anti-piracy Committee

Ø Legal department provides ongoing monitoring and enforcement of print and digital copyright piracy

Outcome of 2017 activities: Overall risk has reduced due to careful litigation management, the continued negotiation of preferred vendor agreements, as well as the ongoing work to implement a new rights and royalties system which will further mitigate this risk. We started our phased implementation of this system in the UK in 2017.

We established an Anti-piracy Committee to manage piracy related risk in a coordinated manner. We conduct internet monitoring, takedown and internet 'search result' scrubbing to reduce digital piracy. We have also worked with our larger North America channel partners to adopt best-practice anti-counterfeit measures.

In 2017, we launched patent management technology to further improve our asset tracking, as well as implementing a global trademark monitoring platform to improve visibility of

potential infringement threats.

2018 outlook and plans: We will continue to streamline our portfolios; procure and register expanded rights in our high value IP globally, including aggressively expanding our patent portfolio; monitor activities and regulations; and proactively enforce our rights, taking necessary legal action.

We will continue to implement the newly developed royalty and business practices, along with the new rights management system across the US and Canada during 2018.

A new author agreement is being rolled out in the first half of 2018.

Existing controls

Ø Audit Committee oversight

Ø ABC policy certification

Ø Internal procedures and controls

Ø Risk-based third-party due diligence

Ø Employee and business partner codes of conduct

Ø (see also 'Respect for human rights' under

Ø Sustainability on p28)

Ø Local Compliance Officers (LCOs)

Outcome of 2017 activities: Internal procedures, controls and training continue to mature, which are designed to prevent corruption. Pearson's Code of Conduct was refreshed and rolled out for all employee certification in September 2017, including references to ABC policy and requirements (also discussed under 'Sustainability on p28). Pearson's ABC policy reflects our zero tolerance towards bribery and corruption of any kind by establishing a consistent set of expectations and requirements regarding ABC for all our personnel and business partners to adhere to.

Pearson's 2016 ABC programme self-assessment served as a roadmap for work for 2017-2018. Progress was made on ABC risk assessments of the various regional and local business units.

We conducted due diligence on our highest risk third-parties and developed roll-out plans for further phases.

Pearson's ABC infrastructure includes a network of LCOs based in country, mainly members of the legal team. This programme continues to be successful with greater knowledge and competencies of the LCOs and better leadership, guidance and helpful tools and resources provided by the global compliance office.

2018 outlook and plans: In 2018, we will:

Ø Implement a comprehensive plan for risk-based roll-out of further ABC third-party due diligence, including new tools and resources

Ø Roll out a comprehensive refresh of the training programme on ABC and Code of Conduct globally

Ø Continue risk assessments in 2018 to ensure that the ABC programme reflects local market and business model risks, as well as plan actions to remediate issues revealed during those assessments

Ø Employ a more robust analytic framework to our investigative data to spot trends and root causes.

Existing controls

Ø Global policy published

Ø Training and guidance

Ø Regular internal communications

Ø Lawyer network

Outcome of 2017 activities: This risk increased during 2017, reflecting our participation in industry associations, including Board membership, as well as the recent activity of associations being challenged by anti-trust authorities such as in Spain.

A global policy, general training and guidance were launched in 2017 and contain all the measures, indicators and actions required to ensure anti-trust and competition compliance.

A lawyer network was launched in 2017 and training has taken place to improve their expertise around competition/anti-trust laws. An increasing number of employees have also been trained. All employees will need to be certified.

2018 outlook and plans: Training, including e-learning modules, is being further expanded in 2018 with metrics being developed to track engagement. The lawyer network is contributing more data to feed into training and risk assessment indicators.