Al-`Aqar Healthcare REIT Annual Report 2019

ROLES AND PRINCIPAL RESPONSIBILITIES FOR ERM

RISK CO-OWNERS
1. Provide support to the Risk Officer on key risks identified and assist in the implementation of risk action plans and key risk indicators thereof; and
2. Engage and discuss with the Risk Officer on internal and external activities or circumstances that may give rise to new risks or changes in the rating or control effectiveness of existing risks.

STAFF
1. Provide assistance to the Risk Officer and/or Risk Co-owners on key risks identified and support the implementation of risk action plans and key risk indicators; and
2. Engage and discuss with the Risk Officer and/or Risk Co-owners on internal and external activities or circumstances that may give rise to new risks or changes in the rating or control effectiveness of existing risks.

INTERNAL AUDIT
1. Assist the Risk Management Committee and the Audit Committee in reviewing the effectiveness of internal controls and providing an independent view on specific risks and control issues, the state of internal controls, trends and events.

THE MANAGER’S RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM

The periodic meetings of the Risk Management Committee, Executive Committee and the Board are the main platforms by which the Manager’s performance and conduct are monitored. The day-to-day operations of the business are entrusted to the CEO and the management teams. The CEO continuously communicates the Board’s expectations and directions to the management at the management meetings, where all strategic, operational and financial risks are discussed and addressed with action plans.

The Board is responsible for setting the business direction and strategies as well as overseeing the conduct of the Manager’s operations through its Board Committees and management reporting mechanisms. Through these mechanisms, the Board is informed of all major issues pertaining to risks, governance, internal controls and compliance with regulatory requirements.
RISK MANAGEMENT FRAMEWORK APPROACH: RISK ANALYSIS METHODS AND RISK APPETITE

The Manager adopts ERM practices that enable it to continuously identify, assess, treat and manage risks that affect Al-`Aqar in achieving its objectives within defined risk parameters in a timely and effective manner. All identified risks are recorded in a risk register to facilitate systematic review and monitoring. The ERM practices are embedded into key activities and business processes, enabling proper risk management at the operation level of each property as well as the fund level. Risks identified shall be systematically evaluated, with proper mitigating action plans developed to manage the risks to an acceptable level and monitored on a continuous basis. The approach is summarised below:

[Figure: risk management process diagram. Labels: Establish the Context, Risk Assessment, Identify Risks, Analyse Risks, Evaluate Risks, Treat Risks, Monitor & Review, Communicate & Consult]

The period of risk review will be determined by the risk rating, with higher rated risks and associated controls/risk mitigation strategies reviewed more often.
