Datasonic Group Berhad Annual Report 2020

DATASONIC GROUP BERHAD I ANNUAL REPORT 2020 (Registration No. 200801008472 (809759-X)) 79 RISK MANAGEMENT (CONT’D) Risk Management Framework and Procedures The ERM framework andmethodology is compliant with and based largely on the ISO31000 ‘RiskManagement- Principles and Guidelines’ represented in brief, as follows:- Risk identification Risk assessment Communication and consultation Monitoring and review Risk analysis Risk evaluation Risk treatment Establish context Additionally, the Standard Operating Procedures (“SOP”) governing risk management processes and reporting procedures are in place to support and outline the policies and procedures for the implementation of the ERM framework. The salient features of the ERM framework and procedures are as follow:- • The roles and responsibilities of the parties involved in risk management system; • At minimum, strategic and operational risk assessment shall be formally conducted and reported to the Risk Management Committee, in conjunction with the approved Risk Review Planning Memorandum. As and when necessary, the Group would also perform project risk assessments. Such risk assessments may be performed depending on the circumstances and/or requirements, i.e. prior to the commencement of significant projects or as and when required under any Acts, rules and regulations, etc; • Procedures for the identification, analysis, evaluation, treatment, communication as well as monitoring and review of risks and risk mitigation strategies. Each risk identified is assessed by considering estimates of both likelihood and consequence or impact in the context of existing control measures, in order to arrive at residual risks and appropriate mitigation strategies; and • Significant risk issues evaluated by the Risk Facilitators are discussed at Risk Management Committee meetings. The Risk Management Committee reviews the effectiveness of the mitigating measures implemented by the Management/risk owners. Significant risk matters that require the attention of the Directors are escalated to the Board. Statement on Risk Management and Internal Control (Cont’d)