MSM Malaysia Holdings Berhad Annual Report 2020

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Risk Management Framework and Process

An effective risk management framework seeks to protect an organisation’s capital base and earnings without hindering growth. An overview of the Group’s Risk Management Framework is depicted below:

[Figure: the Group’s Risk Management Framework, headed by BOARD AND BOARD COMMITTEE]
• MANAGE: First line of defence – Functions that own and manage Risks. Shown in the figure: Key Senior Management, Subsidiaries, Policies and Standard Operating Procedures.
• OVERSEE: Second line of defence – Functions that oversee risks, control and compliance. Shown in the figure: Compliance, Compliance and Risk Management Group Governance Group Risk.
• ASSURANCE: Third line of defence – Internal functions that provide independent assurance. Shown in the figure: Group Internal Audit.
• Fourth line of defence – Set requirements and/or perform independent assurance. Shown in the figure: External Auditors, Regulators, Other External Bodies.

The Risk Management Framework: MSM has adopted the 4 lines of defence model as the fundamental approach to ensure the effectiveness of risk management. The framework seeks to minimise risk incidents and maximise business outcomes by allowing us to:

• Understand the risk environment, and assess the specific risks and potential exposure.
• Determine how best to deal with these risks to manage overall potential exposure.
• Manage the identified risks in appropriate ways.
• Monitor and seek assurance on the effectiveness of the management of these risks and intervene for improvement where necessary.
• Escalate to the Management and Board on a periodic basis on how significant risks are being managed, monitored, assured and improved.

The process of risk management adopted by the Group is illustrated below:

[Figure: risk management process. Steps shown: Establish Context; Identify Risk; Analyse Risk; Evaluate Risk; Treat Risk; Monitor and Review; Communicate and Consult]