Yinson Annual Report 2021

172 YINSON HOLDINGS BERHAD SECTION 06 : GOVERNANCE STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL THREE LINES OF DEFENCE MODEL The Group adopts a ‘Three Lines of Defence’ approach for its risk management. It provides an overview of the Group’s operations from a risk management perspective while assuring the ongoing success of risk management initiatives. 1 st line of defence h Business units own and manage the risks as a first line of defence with their vast operational experience. h The heads of business units are accountable for all risk and internal controls under their respective areas of responsibility. h Based on the structured risk management approach, the business units apply relevant risk responses to their respective key risks. 2 nd line of defence h GRC provides an oversight and monitoring function as a second line of defence to facilitate the implementation and monitoring of an effective risk management framework within the Group. 3 rd line of defence h Internal Audit reviews the control effectiveness and provides independent assurance to the Board and Management on the effectiveness of the business units and support functions’ governance, risk management and internal controls practices. KEY RISK FACTORS OF FYE 2021 RISK DESCRIPTION MITIGATION ACHIEVED IN FYE 2021 Project Concentration Risk Some of the Group’s contracts are coming to an end, potentially creating reliance on a small number of projects. t $POUJOVF QVSTVJOH PUIFS '140 QSPKFDU UFOEFS CJET BOE opportunities following the award of the FPSO Anna Nery (Marlim 2) project. t 5P ESJWF UIF 3FOFXBCMFT %JWJTJPO BT POF PG UIF NBJO SFWFOVF streams, where Yinson will build, own and operate renewable generating assets. Project Cost Overrun Risk As FPSO projects are typically long-term in nature, project cost overruns could have a negative impact on the project profit margins and affect the cash flows of the Group. t $POUJOVPVT SFWJFX BOE JNQSPWFNFOU PG QSPKFDU DPTU management. t 0OHPJOH CVJMEJOH PG QSPKFDU UFBN GPS '140 "OOB /FSZ (Marlim 2) project. t 0OHPJOH EJHJUBMJTBUJPO PG CVTJOFTT QSPDFTTFT BOE TZTUFNT J F VRP system and tracking development system). Project Delay Risk Monitoring and assessment of project schedule are necessary to ensure that projects proceed without interruption or delay. Inability to meet project schedule may impact project deliverables, subsequently leading to the incurrence of additional costs. To address the impact of the Covid-19 pandemic on the global supply chain, the Group is working closely with its vendors to maintain the timely achievement of project deliverables. t "DUJWFMZ DPMMBCPSBUJOH XJUI NBKPS LFZ WFOEPST PO CVTJOFTT continuity plans with increased communication to anticipate and mitigate potential issues which may cause project delays. t $POTJTUFOUMZ BOE FGmDJFOUMZ SFWJFXJOH BOE JNQSPWJOH UIF RVBMJUZ of information shared via established communication platforms among all related parties.