Yinson Annual Report 2019

Three Lines of Defence The Group adopts a ‘Three Lines of Defence’ approach for its risk management. This is a simple and effective approach to enhance the communication on the Group’s risk management and controls by clarifying essential roles and duties. It provides an overview of the Group’s operations from a risk management perspective while assuring the ongoing success of risk management initiatives and ensuring that it is applicable to the Group. Business units own and manage the risks as a first line of defence with their vast operational experience. The heads of business units are accountable for all risks and internal controls under their respective areas of responsibility. Based on the structured risk management approach, the business units apply relevant risk responses to their respective key risks. The Risk Department provides an oversight and monitoring function as a second line of defence to facilitate the implementation and monitoring of an effective risk management framework within the Group. Internal Audit reviews the control effectiveness and provides independent assurance to the Board and Management on the effectiveness of the business units and support functions’ governance, risk management and internal controls practices. Line of Defence Line of Defence Line of Defence 1 st 2 nd 3 rd Key Risk Factors For the financial year under review, the following top five (5) risks were monitored and deliberated by the BRMC and the key action plans were highlighted. The following table details the key risks and its mitigating actions. RISK DESCRIPTION MITIGATION Project Concentration Risk Some of the Group’s contracts will be coming to the end of the contract period and hence the Group needs to identify additional sources of income to avoid over-reliance on any single project. The Group is vigorously pursuing project tender bids in other regions which the Group has yet to be involved in. The Management will explore moving into other related industry segments as a means of diversification. Bribery and Corruption Risk Following anti-bribery legislations such as the UK Bribery Act 2010, the US Foreign Corrupt Practices Act (“FCPA”) and the Malaysian Anti- Corruption Commission Act 2009 (“MACC Act”), there is increasing complexity in the regulatory environment and enforcement. For example, the newly incorporated Section 17A of the MACC Act states that if the organisation was to be found guilty of corruption, the senior personnel holding office at the time the offence was committed will be deemed to have personally committed the offence as well. The Group has projects and business dealings with partners in various countries and jurisdictions which will pose a significant challenge in ensuring compliance with the regulations and laws of the countries in which the Group operates. The Anti-Bribery and Anti-Corruption (“ABAC”) Policy and other related policies have been established and approved by the Board in 2018. Awareness and training sessions were provided to Yinson employees across the Kuala Lumpur, Singapore, Oslo and Ghana offices. Third party vendors are required to register with Yinson’s Vendor Registration Portal and sign off on the Certificate of Compliance to Yinson’s ABAC Policy. 93 Yinson Group Overview Strategy and Sustainability Governance Accountability Annual General Meeting