Yinson Annual Report 2018

Governance Statement on Risk Management and Internal Control (Cont’d) BOARD RESPONSIBILITY (CONT’D) 1. Risk Management Structure (Cont’d) Three Lines of Defence The Group adopts a three lines of defence approach for its risk management. This approach represents a simple and effective approach to enhance the communication on the risk management and controls by clarifying essential roles and duties. It provides an overview of the Group’s operations from a risk management perspective while assuring the ongoing success of risk management initiatives and ensuring that it is applicable to the Group. The business units own and manage the risks as a first line of defence with their vast operational experience. Based on the structured risk management approach, the business units apply relevant risk responses to their respective key risks. The Risk Department provides an oversight and monitoring function as a second line of defence to facilitate the implementation of effective risk management framework within the Group. Internal Audit reviews the control effectiveness and provides assurance to the Board and Senior Management on the effectiveness of the business units and support functions’ governance, risk management and internal controls practices. 1 st 2 nd 3 rd LINE OF DEFENCE LINE OF DEFENCE LINE OF DEFENCE Key Risk Factors For the financial year under review, the following top five (5) risks were identified and discussed by the BRMC and the key action plans were highlighted. i. Project concentration risk Some of the Group’s contracts will be coming to the end of the contract period and hence the Group need to identify additional sources of income to avoid over-reliance on any single project. Mitigation : The Group is vigorously pursuing business potential in other regions which the Group has yet to be involved in. Business development activities will be ramped up to source for new projects. ii. Bribery & corruption risk Following the anti-bribery legislation such as the UK Bribery Act 2010 and the US Foreign Corrupt Practices Act (“FCPA”), there is an increasing complexity in the regulatory environment and enforcement. The Group has projects and business dealing with partners in different countries and jurisdictions which will pose a major challenge in ensuring compliance with the regulations and laws of the countries which the Group operates in. Mitigation: The Group is looking into strengthening its anti-bribery & anti-corruption (“ABAC”) framework and policy which will assist in the detection, prevention and monitoring of bribery and corruption risk issues. 78 Yinson Holdings Berhad Annual Report 2018