Yinson Annual Report 2019

Statement on Risk Management and Internal Control

The Board of Directors of the Company (“Board”) is committed to maintaining a robust system of risk management and internal control. In this respect, we are pleased to provide the following statement, which outlines the nature and scope of the Group’s risk management and internal control for the financial year ended 31 January 2019.

BOARD RESPONSIBILITY

The Board acknowledges its responsibility towards maintaining a sound and effective system of risk management and internal control. The Board is responsible for reviewing the adequacy and effectiveness of the Group’s current risk management and internal control system to ensure that the system remains relevant and applicable to the Group.

The Group’s system of risk management and internal control encompasses various types of controls, including those which are strategic, operational and compliance in nature, as well as internal financial controls for the purpose of safeguarding our shareholders’ investments and the Group’s assets. It ensures the continuous identification, evaluation, monitoring and management of key risks that may impede the achievement of the Group’s business objectives.

However, the Board acknowledges that, notwithstanding having a robust risk management and internal control system in place, the system does not eliminate the risk of failure to achieve the Group’s corporate objectives. While there is no absolute assurance against all risks including material misstatement, loss and fraud, the system is expected to safeguard the Group from identified risks captured in the Group’s overall risk profile.

The Board is satisfied that the Group has implemented an ongoing process for identifying, evaluating, monitoring and managing significant risks affecting the achievement of its business objectives and strategies throughout the financial year under review.
The process is regularly reviewed by the Board in accordance with the Statement on Risk Management & Internal Control: Guidelines for Directors of Public Listed Companies and where required, the Board directs the Management to take the necessary mitigating actions to address the gaps/risks/issues reported.

The Group Risk Management and Compliance department (“Risk Department”) is responsible for the coordination and implementation of the Group’s Enterprise Risk Management (“ERM”) Policy and Framework as well as monitoring and reporting of key risk issues to the Management Committee (“MC”) and Board Risk Management Committee (“BRMC”).

The Board does not have formal oversight over the risk management and internal control systems of its joint ventures and associate companies, as the Board does not have any direct control over the joint ventures and associate companies’ operations. Nevertheless, the Group’s interest is safeguarded through board representations in the joint ventures and associate companies and/or monitoring controls imposed by the Group. These board representations and/or monitoring controls provide the Board with information to measure the performance of the Group’s investments in the joint ventures and associate companies.

Summarised below are the main features of the Group’s risk management and internal control system:

1. RISK MANAGEMENT STRUCTURE

The Board regards risk management as an integral part of business operations. The Board via the BRMC explicitly assumes the responsibility of identifying principal risks, ensuring implementation of an effective risk management system and reviewing the adequacy and integrity of the Company’s internal control and management information system.
The principal roles and responsibilities of the Board in risk management include:

• Determine risk management policy;
• Approve risk management framework;
• Overall risk management oversight;
• Communication with shareholders and other stakeholders; and
• Review the risk profile of the Group.

The Board approves the risk management strategies but delegates authority for day-to-day risk management decisions to Management and business unit heads. In fulfilling its oversight responsibility, the Board as a whole or through delegation to the MC and assisted by the Risk Department, reviews the adequacy, integrity and implementation of appropriate systems for risk management.

The Group has a Risk Management policy and framework in place to identify, evaluate, monitor and manage risks encountered by the Group. The policy and framework are consistent with the principles set out in the ISO 31000 Risk Management guidelines.

The main processes of the ERM Framework involve:

• the identification of each business risk;
• the assessment or evaluation of the identified risk;
• steps to ensure that the relevant risk responses are formulated to the key risks identified and managed in line with the needs of the Group’s policies and strategies; and
• constant monitoring and communicating of key risks associated with any activity, function or process in a way that enables the Group to minimise losses and optimise opportunities.
