Frontken Berhad Annual Report 2020

Annual Report 2020 39 FRONTKEN CORPORATION BERHAD 200401012517 (651020-T) BOARD’S RESPONSIBILITY ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D) InapplyingPractice9.1of theMCCG, theBoardhas formalisedanEnterpriseRiskManagement framework (“ERMFramework”) that encompasses relevant policies and guidelines to streamline the Group’s risk management imperatives in a structured and comprehensive manner to safeguard shareholders’ investment and the Group’s assets. This ERM Framework accords largely with the ISO31000:2018 Risk Management – Guidelines, which set out the key principles, framework and process on risk management. With this ERM Framework, the Board has established an on-going process to identify, evaluate, control, report and monitor significant business risks faced by the Group on an ongoing basis. The Board, through its Audit Committee, reviews the outcome of this process, including mitigating measures implemented by Management to address the key risks as identified. This process has been in place for the financial year under review and up to the date of approval of this Statement for inclusion in the Annual Report of the Company. RISK MANAGEMENT FRAMEWORK – EXTENT OF COVERAGE Risk management is embodied in the Group’s key business processes through the ERM Framework, which sets out, amongst others, an easy-to-understand step-by-step approach to identify and evaluate risks faced by business units and, by extension, the Group. To harmonise risk management initiatives and activities, the Board has formalised in writing relevant risk management policies and guidelines for adherence by business units across the Group. The ERM Framework comprises a structured assessment process, culminating in the compilation of specific risk profiles of key business units and companies in the Group by Risk Management Units (“RMUs”), including the semi-annual update of risk profiles to take into account the vagaries of evolving business environment as well as emerging risks. The individual risks are scored for their likelihood of occurrence and the impact thereof based on a ‘5 by 5’ risk matrix, deploying parameters established for each key business unit or company in the Group. The risk parameters comprise relevant financial and non-financial metrics for risks to be evaluated or quantified, as the case may be, in terms of likelihood of their occurrence and the impact thereof. The use of such metrics essentially articulates the Board’s risk appetite, i.e. the extent of risk the Group is prepared to take or seek in achieving its business objectives. Details of specific risks are documented in individual risk registers, covering the risk description, root causes, risk consequences, internal controls implemented byManagement to address the root causes, Management’s assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the effects of internal controls deployed to manage the exposure. The action plans that Management has taken and/or is taking to mitigate the risks to acceptable levels are reported by the RMUs to the Audit Committee and the outcome is documented in the Audit Committee meeting minutes, including any comments that the Audit Committee may have. The Audit Committee is tasked to brief the Board the outcome of the risk update and mitigating measures deployed, including any significant issues therefrom. For each of the business risks identified, a risk owner is entrusted to ensure appropriate actions are taken to mitigate the risk to an acceptable level within specified timeline. The Risk Coordinator of the Group, when reviewing the risk update carried out by business units, enquires into the status of action plans undertaken by Management of the business units concerned before reporting to the Audit Committee. During the financial year under review, there were twenty-two (22) risks identified by the business units and they were mostly related to the impact of the COVID-19 pandemic such as health and safety of staff, disruption to supply, disruption to business operations due to travel restrictions and shortened working hours and logistics with the outcome reported by the Risk Coordinator to the Audit Committee and thereafter to the Board for further comments. The operations of the Group were not disrupted significantly by the COVID-19 pandemic and could operate as usual with minimal interruption. The business risks as identified encompassed risks on strategies, finance, operations, regulatory compliance, reputation, cyber security and sustainability. Statement On Risk Management and Internal Control (cont’d)