Bank Islam Integrated Annual Report 2021

The Management’s responsibilities in respect of risk management and internal control include:

(a) Monitoring and assessing the overall risk profile of the Group including emerging risks in credit risk, market risk, liquidity risk, operational risk, Shariah non-compliance risk, regulatory/compliance risk, contagion risk, IT & cyber risk, and sustainability risk (including climate-related risk);
(b) Reviewing and recommending to the BRC relevant policies, guidelines, and procedures to manage risks in accordance with the Group’s strategic vision and overall risk appetite;
(c) Designing, implementing and monitoring the effective implementation of the risk management and internal control system; and
(d) Reporting in a timely manner to the Board on any material changes to the risks together with the corrective and mitigation actions taken.

RISK MANAGEMENT

The Board recognises that sound risk management and internal control form an integral part of the Group’s business operations and decision-making process and are critical in ensuring the Group’s success and sustainable growth.

The Enterprise Risk Management (ERM) Framework is the foundation of the control mechanisms within the Group. It consists of an ongoing process to identify, assess, measure, manage, control and report material risks affecting the achievement of the Group’s strategic business objectives.

The key elements of the internal control system, which is guided by the Group’s ERM Framework, consist of the following:

Risk Governance
Risk Appetite
Risk Management Process
Risk Culture
