Liz Doherty

Dear Shareholder

Since I last wrote to you Keith Down, our Chief Financial Officer, stepped down in May. Dunelm's former CFO, David Stead, stepped in on an interim basis with immediate effect and will remain until Keith's successor, Laura Carr, starts later in the year. The rest of the Finance team has been in place throughout the financial year and the Committee is therefore comfortable that the CFO transition has not adversely impacted the year end process.

Apart from the executive change, the most significant activity from a controls and risk perspective was the continued integration of the Worldstores group, which has added significant operational complexity to the business. At the end of the financial year this has largely been completed. The most significant financial controls and risk management procedures are in place across the whole business, and financial accounting systems are due to be fully integrated during the next financial year. The Committee has once again closely reviewed the specific items in the Group financial statements relating to the acquisition.

Our programme of internal audit activity, supported where appropriate by external assurance providers and our newly appointed Group Assurance Manager, continued throughout the year. As well as following up the actions from the report on customs and duty, reviews were completed of payment controls, supplier compliance with stock routines, offshore consolidation warehouses, colleague discounts and processes in place with our major supplier of made-to-measure blinds. We also progressed our plan to develop a full internal audit function. Our internal audit team has worked with the Company Secretary to further align our internal audit programme to the risk register, and to develop more robust KPIs to help the Board assess the effectiveness of our controls and risk mitigations.

The Committee has continued its oversight of the controls in place to address cyber risks which continue to pose a risk to all businesses, and noted that further progress has been made in this area. The proper use and safeguarding of personal data has been a high profile topic this year, and we have received regular reports of the plan in place to implement the requirements of the General Data Protection Regulation (GDPR). Whilst we were GDPR compliant by 25 May, and a number of steps were taken to improve our personal data management, there remain a number of points (for which plans are in place) where further work is required. This will be a continued area of focus and we will receive an update on this at each meeting.

In January 2018, Dunelm published our first payment practices report. We also put in place processes to address the offence of facilitating corporate tax evasion which came into force in September 2017. Both of these were reviewed by the Committee. We have also reviewed progress being made towards the implementation of IFRS 16 which will impact Dunelm in the next financial year. Further detail is given in the financial statements in the Accounting Policies.

We paid our auditors PricewaterhouseCoopers LLP non-audit fees of £15,000 in the financial year in respect of the half year results review (a service now classified as 'non-audit'). This compares to the audit fee of £120,000.

As required by the regulatory guidance we formally reviewed the 2017 audit and found it to be satisfactory. Separately, the Financial Reporting Council's Audit Quality Review team also completed a review of the FY17 audit as part of their routine sampling activity and concluded that only limited improvements were required. The Committee discussed the FRC's recommendations with PricewaterhouseCoopers and concluded that the actions they have agreed to take as a result were reasonable and appropriate given that none of the findings were significant.

We have reviewed our policy on rotation of the statutory auditor and updated it, to bring it in line with regulatory requirements. We will now tender the external audit at least every ten years, and change the audit firm at least every 20 years. This means that whilst there will be a change of audit partner for the FY19 audit; the latest time at which our policy requires us to tender the audit will be for the FY24 financial year.

Looking forward, there are developments in corporate reporting coming into effect within the next two years, including the new Corporate Governance Code, and IFRS 16, which we will review as required.

I look forward to meeting shareholders at the AGM, when I will be happy to take questions on any of this report.

Yours sincerely,

Liz Doherty

Chair of the Audit and Risk Committee

12 September 2018