To enhance risk management across the Group, we adhere to a robust Enterprise Risk Management (“ERM”) framework that is rooted in the internationally recognised ISO 31000 Risk Management – Guidelines standard. The ERM framework is accompanied by our internal control system, through which we monitor and address significant risks impacting our strategies and ability to meet our objectives. The framework is adaptable to the evolving business landscape and undergoes periodic review and adjustment, particularly in response to significant changes in operational procedures, legislation or risk management best practices. It fosters a structured approach to risk management and decision-making across all levels of our Group, driving accountability in managing risks and undertaking mitigation strategies. The framework is supported by the quarterly updating of our Risk Register, which takes into account potential risks across the strategic, financial, operational, human capital and technological dimensions. Additionally, our risk reporting covers emerging concerns such as cybersecurity, environmental, social and governance (“ESG”) factors including climate change and other environmental considerations, as well as geopolitical and regulatory risks. Ultimately, risk reporting falls under the purview of our Board of Directors (“Board”) via its Risk, Governance and Sustainability (“RGSC”) Committee. For further insight into our Risk Management Framework, processes and systems, please refer to the Statement of Risk Management and Internal Control section of this report. OUR ENTERPRISE RISK MANAGEMENT FRAMEWORK Board of Directors Audit Committee Risk, Governance and Sustainability Committee Management Committee Risk and Business Process Management Department Risk Owners/ Co-owners Staff Embedding risk management policy & strategy Monitoring policy and implementation Risk reporting & monitoring Ensure accountability Identification, assessment, implementation & monitoring risk action plan Board of Directors of Subsidiaries Internal Audit External Audit OUR RISK MANAGEMENT OVERSIGHT STRUCTURE Scope, Context, Criteria Risk Assessment Risk Identification Risk Analysis Risk Evaluation Risk Treatment Communication Consultation Continuous Monitoring & Reviewing Recording & Reporting KEY RISKS AND MITIGATION Management Discussion and Analysis – Strategic Review Integrated Report 2023 61
RkJQdWJsaXNoZXIy NDgzMzc=