Chemical Company of Malaysia Berhad Annual Report 2019

iii. Management

The risk management and control processes are implemented by Management, which is led by the Group Managing Director and Senior Management of the Group, who are collectively responsible for good business practices and governance. Management is also charged with the responsibility of establishing an internal control framework with the objective of controlling the operations of the Group in a manner which provides the Board with reasonable assurance that the control objectives are achieved. This also includes discussion of risk management and internal control issues during the Management Committee meeting to mitigate the Group’s current and emerging risks.

iv. Group Risk Management Unit (GRM)

The overall risk management process is facilitated by GRM, which maintains regular communication and consultation with management. It also facilitates risk analysis of strategic business objectives, operational initiatives and emerging issues in the Group, and conducts quarterly follow-up of the updating of risk profiles and the implementation of risk treatment measures by management. This escalation covers how significant risks are being managed, monitored, assured and improved.

v. Group Assurance Unit

The Group Assurance Unit assists the ACC in ascertaining that the ongoing processes for controlling operations throughout the Group are adequately designed and are functioning in an effective manner. The Group Internal Auditor is also responsible for reporting to Management and the ACC on the adequacy and effectiveness of the Group’s systems of internal control, together with ideas, counsel and recommendations to improve the systems.

RISK MANAGEMENT FRAMEWORK

The Board confirms that there is an ongoing group-wide risk management process for identifying, evaluating and managing the significant risks faced by the Group. This risk management process seeks to minimise risk incidents and maximise business outcomes.
All new and major investments have to observe an approval process that includes an assessment of the associated risks. The Group has adopted a Risk Management Manual and Guidelines, which is based on ISO 31000 and premised on the international guideline for managing risk, to ensure that the risk management process is consistent across the Group.

The line functions within the organisation structure (including the monitoring and assurance functions) provide the necessary support to the Board in ensuring the effectiveness of the Group’s risk management framework. Responsibilities are allocated to the respective functions to enable the Group to have adequate lines of defence in managing its risk.

The first line of defence is the risk owners across the businesses of the Group. They define, highlight, report on and manage a variety of risks, including business and operational risks anticipated by them. In doing so, the Management from all businesses or major departments conducted risk assessments to identify the risks relating to their areas of supervision and control, analysed the likelihood of these risks occurring and the consequences if they do occur, evaluated the risk level by comparing it against the approved risk criteria, and determined the actions being and/or to be taken to manage these risks to an acceptable level. The risk profiles and risk treatment measures determined from this process are documented in risk registers, with each business or operations area having its respective risk register.
