Yinson Annual Report 2021

RISK / DESCRIPTION / MITIGATION ACHIEVED IN FYE 2021

Corporate Funding Risk
Description: Corporate funding covers working capital costs, equity injection and debt servicing of the Group. Inability to secure funding may lead to defaults on debt obligations or failure to meet repayment schedules.
Mitigation achieved in FYE 2021:
• Successful fundraising through issuance of perpetual securities, refinancing of existing projects and monetising our investment in long-term FPSO projects through divestment to strategic partners.
• Working with Export Credit Agencies, strategic partners and financing the project with mixed equity (i.e. equity loan).
• Completed a USD million refinancing exercise for FPSO JAK and obtained a USD400 million bridge loan for FPSO Anna Nery (Marlim 2) project.

Cyber Security Risk
Description: Cyber security risk is the probability of exposure to leakage of confidential data or financial loss resulting from a cyberattack or data breach.
Mitigation achieved in FYE 2021:
• Built a cyber security team comprising highly qualified personnel.
• Two policies approved by the Board, namely the Information Security Policy and Procedure and Data Privacy Policy and Procedure.
• Rollout of cyber security awareness training throughout the Group.
• Conducted an IT infrastructure review supported by an external consultancy to identify gaps and develop action plans to protect critical data from cyber security threats.

INTERNAL CONTROL STRUCTURE

Key elements of the Group’s risk management and internal control structure are as follows:

Board, Board Committees and Management Committee
• The summarised roles and responsibilities of the Board, Board Committees and MC are found in the diagram above.
• These are further defined within their respective Terms of Reference, available on Yinson’s website at www.yinson.com.

Internal Audit, GRC, external service provider
• The summarised roles and responsibilities of the IA function, GRC and external service provider are found in the diagram above.

Defined structure, reporting line, authority and responsibility
The following aspects are clearly defined within our organisation structure:
• Reporting lines
• Delegation of authority including limit of authority
• Responsibility
• Accountability to Board Committees including the AC and business units

Group Code of Conduct and Business Ethics
• Defines the foundation and expectations relating to the Group’s ethical standards and personal conduct.
• Includes other references such as the Anti-Bribery and Anti-Corruption Policy and Procedure, Anti-Money Laundering Policy and Whistleblowing Policy and Procedure.

Management Systems Standard
• Key divisions and functions of the Group’s operations are certified to ISO ISO 14001:2015 and OHSAS 18001:2007, International Safety Management (ISM) Code and International Ship and Port Security (ISPS) Code.
• Adherence to these certifications enables these divisions and functions to manage the safety and quality of our operations.
• Complements internal audits by management and annual surveillance audits by independent certification bodies.

Policies and procedures
• Internal policies and procedures established and documented in manuals, then periodically reviewed, and revised in line with business, operational and mandatory requirements.
• New policies are tabled to MC for initial review, subsequently tabled to the AC and Board for final approval.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL