Yinson Annual Report 2018

Governance Statement on Risk Management and Internal Control The Board is committed in maintaining a robust system of risk management and internal control. In this respect, we are pleased to provide the following statement which outlines the nature and scope of risk management and internal control of the Group for the financial year ended 31 January 2018. BOARD RESPONSIBILITY The Board acknowledges its responsibility towards maintaining an effective risk management and internal control system to safeguard our shareholders’ investments and the Group’s assets. The Board is responsible for reviewing the adequacy and effectiveness of the Group’s current risk management and internal control system to ensure that the system remains relevant and applicable for the Group. The Group’s system of risk management and internal control encompasses various types of controls including those of strategic, operational and compliance in nature, as well as internal financial controls for the purpose of managing the risks of the Group. However, the Board acknowledges that notwithstanding having a robust risk management and internal control system in place, the system does not eliminate the risk of failure to achieve the Group’s corporate objectives. Whilst there is no absolute assurance against all risks including material misstatement, loss and fraud, the system is expected to safeguard the Group from identified risks captured in the Group’s overall risk profile. The Board has implemented an ongoing process for identifying, evaluating, monitoring and managing significant risks affecting the achievement of its business objectives and strategies throughout the financial year under review. The process is regularly reviewed by the Board in accordance with the Statement on Risk Management & Internal Control: Guidelines for Directors of Public Listed Companies. The Group Risk Management and Compliance department (“Risk Department”) is responsible for the coordination and implementation of the Group’s Enterprise Risk Management (“ERM”) Policy and Framework as well as monitoring and reporting key risk issues to the Management Committee and Board Risk Management Committee. The Board does not have formal oversight over the risk management and internal control systems of its joint ventures and associate companies, as the Board does not have any direct control over the joint ventures and associate companies’ operations. Nevertheless, the Group’s interest is safeguarded through board representations in the joint ventures and associate companies and/or monitoring controls imposed by the Group. These board representations and/or monitoring controls provide the Board with information to measure the performance of the Group’s investments in the joint ventures and associate companies. Summarised below are the main features of the Group’s risk management and internal control system: 1. Risk Management Structure The Board regards risk management as an integral part of business operations. The Board via the Board Risk Management Committee explicitly assumes the responsibility of identifying principal risks and ensuring implementation of an effective risk management system and reviewing the adequacy and integrity of the Company’s internal control and management information system. The principal roles and responsibilities of the Board in risk management include: • Determine risk management policy; • Approve risk management framework; • Overall risk management oversight; • Communication with shareholders and other stakeholders; and • Review the risk profile of the Group. The Board approves the risk management strategies but delegates authority for day-to-day risk management decisions to Management and business unit heads. In fulfilling its oversight responsibility, the Board as a whole or through delegation to theManagement Committee (“MC”) and assisted by the Risk Department, review the adequacy, integrity and implementation of appropriate systems for risk management. A review process of the Group’s ERM Framework was completed and presented to the Board in November 2017, where the Board approved the ERM Policy & Framework. 76 Yinson Holdings Berhad Annual Report 2018