Yinson Annual Report 2020

173 Annual Report 2020 Risk Description Mitigation achieved in FYE 2020 Corporate funding risk Corporate funding covers working capital costs, equity injection and debt servicing of the Group. Inability to secure funding may lead defaults on debt obligations or failure to meet repayment schedules Successful fundraising through issuance of perpetual securities, refinancing of existing projects and monetising our investment in long-term FPSO projects through divestment to strategic partners Cybersecurity risk Cybersecurity risk is the probability of exposure to leakage of confidential data or financial loss resulting from a cyberattack or data breach • Built a cybersecurity team comprising highly qualified personnel • Conducted Group-wide cybersecurity assessment • Implemented cybersecurity awareness training INTERNAL CONTROL STRUCTURE Key elements of the Group’s risk management and internal control structure are as follows: Board, Board Committees, and MC • The summarised roles and responsibilities of the Board, Board Committees and MC are found in the diagram above • These are further defined in within their Terms of Reference, available on Yinson’s website at www.yinson.com Internal Audit, Risk Department, external service provider • The summarised roles and responsibilities of the Internal Audit function, Risk Department and external service provider and are found in the diagram above Defined structure, reporting line, authority and responsibility The following aspects are clearly defined within our organisation structure: • Reporting lines • Delegation of authority (including limits of authority) • Responsibility • Accountability to Board Committees, including the AC, and business units Group Code of Conduct and Business Ethics • Defines the foundation and expectations relating to the Group’s ethical standards and personal conduct • Includes other references such as the Anti-Bribery and Anti-Corruption Policy, Anti-Money Laundering Policy and Whistleblowing Policy and Procedure Management Systems Standard • Group-wide operations are certified to ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007, International Safety Management (ISM) Code and International Ship and Port Security (ISPS) Code • Adherence to these certifications enables the Group to manage the safety and quality of our operations • Complements internal audits by management and annual surveillance audits by independent certification bodies Policies and procedures • Internal policies and procedures established and documented in manuals, then periodically reviewed and revised in line with business, operational and mandatory requirements • New policies are tabled to MC for initial review, subsequently tabled to the AC and Board for final approval