Frontken Berhad Annual Report 2018

32 Frontken Corporation Berhad (651020-T) ANNUAL REPORT 2018 BOARD’S RESPONSIBILITY ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D) In applying Practice 9.1 of the MCCG, the Board has formalised an Enterprise Risk Management framework (“ERM Framework” or “Framework”) that encapsulates pertinent policies and guidelines to streamline the Group’s risk management initiatives and activities in a structured and holistic manner to safeguard shareholders’ investment and the Group’s assets. This Framework accords largely with the ISO31000:2018 Risk Management – Guidelines, which set out the key principles, framework and process on risk management. With this Framework, the Board has established an on-going process to identify, N_JU^J]N LXW][XU [NYX[] JWM VXWR]X[ \RPWR࠰LJW] K^\RWN\\ [R\T\ OJLNM Kb ]QN 0[X^Y XW JW XWPXRWP KJ\R\ =QN +XJ[M ]Q[X^PQ its Audit Committee, reviews the outcome of this process, including mitigating measures implemented by Management to JMM[N\\ ]QN TNb [R\T\ J\ RMNW]R࠰NM =QR\ Y[XLN\\ QJ\ KNNW RW YUJLN OX[ ]QN ࠰WJWLRJU bNJ[ ^WMN[ [N_RN` JWM ^Y ]X ]QN MJ]N XO approval of this Statement for inclusion in the Annual Report of the Company. RISK MANAGEMENT FRAMEWORK – WHAT IT IS AND HOW IT FUNCTIONS Risk management is embedded in the Group’s key business processes through its ERM Framework, which sets out, inter- alia, an easy-to-understand step-by-step approach to identify and evaluate risks faced by business units and, by extension, the Group. To streamline risk management processes and activities, the Board has formalised in writing relevant risk management policies and guidelines for adherence by business units across the Group. The ERM Framework embodies a \][^L]^[NM J\\N\\VNW] Y[XLN\\ L^UVRWJ]RWP RW ]QN LXVYRUJ]RXW XO \YNLR࠰L [R\T Y[X࠰UN\ XO TNb K^\RWN\\ ^WR]\ JWM LXVYJWRN\ RW ]QN 0[X^Y Kb ;R\T 6JWJPNVNW] >WR]\ ۷;6>\۸ RWLU^MRWP ]QN \NVR JWW^JU ^YMJ]N XO [R\T Y[X࠰UN\ ]X ]JTN RW]X JLLX^W] ]QN vagaries of evolving business environment as well as emerging risks. =QN RWMR_RM^JU [R\T\ RW ]QN Y[X࠰UN J[N \LX[NM OX[ ]QNR[ URTNURQXXM XO XLL^[[NWLN JWM ]QN RVYJL] ]QN[NXO KJ\NM XW J ۳ Kb ۴ [R\T matrix, deploying parameters established for each key business unit or company in the Group. The risk parameters comprise [NUN_JW] ࠰WJWLRJU JWM WXW ࠰WJWLRJU VN][RL\ OX[ [R\T\ ]X KN N_JU^J]NM RW ]N[V\ XO URTNURQXXM XO ]QNR[ XLL^[[NWLN JWM ]QN RVYJL] thereof – this feature essentially articulates the Board’s risk appetite, i.e. the extent of risk the Group is prepared to take or seek in achieving its business objectives. -N]JRU\ XO \YNLR࠰L [R\T\ J[N MXL^VNW]NM RW RWMR_RM^JU [R\T [NPR\]N[\ LX_N[RWP ]QN [R\T MN\L[RY]RXW [XX] LJ^\N\ XO [R\T [R\T consequences, internal controls implemented by Management to address the root causes, Management’s assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the effects of internal controls deployed to mitigate the risk. The action plans that Management has taken and/or is taking to mitigate the risks to acceptable levels are reported by the RMUs to the Audit Committee and the outcome is documented in the Audit Committee meeting minutes. The Audit Committee is tasked to brief the Board the outcome of the risk update and mitigating VNJ\^[N\ MNYUXbNM RWLU^MRWP JWb \RPWR࠰LJW] R\\^N\ ]QN[NO[XV /X[ NJLQ XO ]QN K^\RWN\\ [R\T\ RMNW]R࠰NM J [R\T X`WN[ R\ NW][^\]NM ]X NW\^[N JYY[XY[RJ]N JL]RXW\ J[N ]JTNW ]X VR]RPJ]N ]QN [R\T ]X JW JLLNY]JKUN UN_NU `R]QRW \YNLR࠰NM ]RVNURWN =QN Risk Coordinator of the Group, when reviewing the risk update by business units, enquires into the status of action plans ^WMN[]JTNW Kb 6JWJPNVNW] XO ]QN K^\RWN\\ ^WR]\ LXWLN[WNM KNOX[N [NYX[]RWP ]X ]QN *^MR] ,XVVR]]NN -^[RWP ]QN ࠰WJWLRJU year under review, there were two (2) risk updates conducted by the various business units and companies in the Group with the outcome reported by the Risk Coordinator to the Audit Committee and the Board for further comments. The business [R\T\ J\ RMNW]R࠰NM NWLXVYJ\\NM [R\T\ XW \][J]NPRN\ ࠰WJWLN XYN[J]RXW\ [NP^UJ]X[b LXVYURJWLN [NY^]J]RXW LbKN[ \NL^[R]b and sustainability. INTERNAL CONTROL SYSTEM – THE SALIENT FEATURES Apart from those internal controls deployed by Management to mitigate risks as mentioned above, the Group’s internal control system also covers the following key elements: ۽ JW X[PJWR\J]RXW \][^L]^[N `R]Q LUNJ[Ub MN࠰WNM URWN\ XO [N\YXW\RKRUR]RN\ JWM JYY[XY[RJ]N UN_NU\ XO MNUNPJ]RXW JWM J^]QX[R]b RWLU^MRWP ࠰WJWLRJU URVR]\ XO J^]QX[R]b RW JYY[X_RWP ][JW\JL]RXW\ JL]R_R]RN\ J\ `NUU J\ VJWMJ]N ]X XYN[J]N KJWT JLLX^W]\ The structure also sets out clear reporting lines and segregation of duties for key processes like strategic management, operations, sales and collections, procurement and payment, human resource, capital expenditure, research and MN_NUXYVNW] ࠰WJWLRJU [NYX[]RWP LX[YX[J]N JOOJR[\ JWM RW_N\]VNW]\$ ۽ a process of hierarchical reporting which provides a documented and auditable trail of accountability, with appropriate sign-off by personnel entrusted with the responsibilities; Statement On Risk Management And Internal Control (cont’d)