Tropicana Corporation Berhad Annual Report 2020

Risk Reporting Risk Action Plan Risk Response Risk Ownership Risk Evaluation Risk Identification STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL Pursuant to paragraph 15.26(b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad, the Board of Directors (“ the Board ”) is pleased to provide the following statement on the state of internal control and risk management of the Group. This statement was prepared in accordance with the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers” issued by the Institute of Internal Auditors Malaysia. The framework is integrated into the Group’s overall management systems, defining the authorities involved, their responsibilities and accountability for implementing relevant internal controls. RESPONSIBILITIES OF THE BOARD The Board of Directors (the “ Board ”) of Tropicana Corporation Berhad (the “ Group ”) is highly committed to maintain a sound system of risk management and internal control in the Group. The Risk Management Framework includes the ongoing process of identifying, evaluating, responding, managing and monitoring significant risk that may affect the Group’s business performance, ensuring that optimum operational function is maintained at an acceptable risk appetite while striving to achieve Tropicana’s overall strategic objectives. The Board endorses the Group’s risk management framework; delegating primary responsibilities for the implementation of the framework across the Group’s business operations to the Risk Management Committee, the Risk Management Department and Business/Operations Head. The Board acknowledges and approves the ongoing process of identifying, evaluating and managing all significant risks faced by the Group that has been in place for the year and up to the date of approval of this Statement for inclusion in Annual Report. In view of the inherent limitations in any system of the risk management and internal control processes, the said system, therefore, is put in place to provide reasonable, but not absolute assurance, against material misstatements, financial losses, defalcations or fraud. During the financial year, the adequacy and effectiveness of the system of internal controls was reviewed by the Audit Committee in relation to the internal audits conducted by Group Internal Audit, as well as control issues reported by the external auditors. For the purpose of this review, the extent of responsibility does not extend to include that of the Group’s associated companies. KEY FEATURES OF THE RISK MANAGEMENT FRAMEWORK To ensure compliance with these guidelines, our group internal audit regularly reviews the integrity and effectiveness of the Group’s system of internal controls. The Board, through its Risk Management Committee (“ RMC ”), is entrusted with the responsibility of implementing and maintaining the Enterprise Risk Management (“ ERM ”) framework to achieve the following objectives: - • Communicate the vision, role, direction and priorities of the Group to all employees and key stakeholders; • Continuously identify, assess, treat, report and monitor significant risks that impact the entire operations of the business in an effective manner; and • Implement systematic risk review and reporting on key risks, existing control measures and any proposed action plans. In emphasizing the Board’s continued commitment to developing an effective Risk Management Framework, the Enterprise Risk Management Programme (“ ERM ”) was formalised in the year 2012 and is overseen by the Risk Management Department to ensure that the Group remains aligned to the framework. The key features of the internal control systems and risk management are as described in the following section. RISK MANAGEMENT GOVERNANCE AND PROCESSES The Group’s RMC with the Board at its apex of the governance structure is assigned to monitor the overall risk profile. The RMC comprises representatives from the Board of Directors, the Chief Executive Officer and Senior Management with the support from the Group’s Risk Management Department. The overall risk reporting process includes three key focus areas as presented below: • The Group’s risk register, encompassing significant and potential risks; • Changes in risk status upon the implementation of mitigationmeasures; and • The Group Risk Profile, highlighting risks pertinent to the operations of the Group is presented to the RMC on a quarterly basis. Risk Management Risk Analysis Continuous monitoring, review, communication, consultation > > Throughout the year, any significant risks highlighted by respective departments within the organisation are compiled and presented to the RMC for their deliberation and management decision. The Group has formulated a clear and defined risk organisation structure that outlines key responsibilities held by respective groups as presented below: Roles and Responsibilities Board of Directors • Oversees the implementation of the Risk Management Framework • Endorses and provides final approval to all risk management strategies and planning Risk Management Committee (“RMC”) • Receives quarterly updates of the Group’s risk management progress • Advises on risk management measures to be initiated by the Risk Management Department and applied by the Business/Operations Head Risk Management Department • Review adequacy and effectiveness of risk management process and system • Review and present to the RMC, the broad terms risk guidelines and risk appetite of the Group on a periodic basis • Review identified key risks of the Group’s operations • Guide Business/Operations Head in identifying, evaluating and managing key risks • Report to the RMC on material and pervasive findings which exceeded the risk appetite and make appropriate recommendations Business/Operations Head • Implements the risk management processes approved by the Board • Submits quarterly updates via the risk register to the Risk Management Department to be presented to the RMC for review and evaluation • Identifies potential and actual risks associated to their respective process and highlights the risk in the risk register 5 4 3 2 1 6 140 141 ANNUAL REPORT 2020 TROPICANA CORPORATION BERHAD GOVERNANCE