GHL System Berhad Annual Report 2019

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT'D)

KEY INTERNAL CONTROL PROCESSES (Cont'd)

5. Risk Management (Cont'd)

a. Risk Management Committee ("RMC") (Cont'd)

The responsibilities of RMC are as follows:

- To identify and assess, on an ongoing basis, the risks faced by the Group, and thereafter to design and implement appropriate risk management processes and internal controls to address or mitigate such risks in an effective manner;
- To periodically assess and review the continued effectiveness and appropriateness of risk management processes;
- To continuously promote an effective risk awareness culture throughout the Group with written policies and other forms of communication to employees and stakeholders; and
- To be accountable and periodically report to the Board, through the ARC, for the design, implementation, and monitoring of the risk management system.

The salient features of the RMC process are as follows:

- Country Heads, CEO of Subsidiaries, and Head of Departments are tasked to update their respective risk profiles on a half yearly basis and report to the Risk Department confirming that reviews had been conducted and risks related to their areas had been assessed; and to include action plans which are to be implemented in order to manage the risks that had been identified;
- The risks that had been identified are consolidated and tabled to the RMC for its deliberation and monitoring;
- Head of Internal Audit was invited to attend the RMC meetings as an independent assessment of the adequacy and reliability of the risk management processes and compliance with risk policies;
- The RMC shall meet at least twice a year to review significant risks and the implementation progress. A copy of the RMC meeting minutes is submitted to the ARC for review and deliberation;
- Half yearly, the RMC members, i.e. Group CEO, Group CFO, and Group CRO are invited to the ARC meeting to brief the ARC on any risk related events and/or new risks faced by the Group with the corresponding action plans taken to mitigate the risks.

b. Risk Framework

Risk Management activities are guided by the Group's Enterprise Risk Management Framework. The risk universe covers a span of activities to determine the risk profile inherent from the nature of business which would compromise the business objectives, if addressed improperly.

c. Risk Identification, Evaluation, and Ranking

The Management of each Business Unit, in establishing its business objectives, is required to identify and document all possible risks that can affect their achievement, taking into consideration the effectiveness of controls that are capable of mitigating such risks.

Country Heads or Heads of Departments are responsible for identifying risks that may have an impact on meeting their unit's business objectives. The risk identification process shall also take into consideration the following:

- Risks specific to the achievement of business objectives; and
- Risks that have the potential impact on the success and continuity of the business.

Thereafter, identified risks are evaluated as follows:

- Probability or likelihood of occurrence;
- Significance of the risk; and
- Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring, and controlling risks.
