MANAGEMENT DISCUSSION AND ANALYSIS CONT’D 4.0 KNOWN RISKS (Cont’d) 4.2 Operational Risk Operational risk management, which forms part of the Group’s Enterprise Risk Management Framework, is a continual process applied by the Group in a half-yearly cycle that includes risk assessment, risk decision making, and implementation of risk controls, resulting in acceptance, mitigation, or avoidance of risks. In 2023, the Group reported 562 risks of which 516 (92%) were classified as minor and/or moderate risk. The remaining 8% were addressed with adequate and appropriate mitigation strategies to ensure that the residual risk is minimised. The Group places great importance on ensuring the continuity of all critical business functions and essential services. We have put in place policies, processes and systems under the Business Continuity Plan (“BCP”) and Disaster Recovery Plan (“DRP”) to respond to a range of unexpected disruptions to ensure continuous and uninterrupted conduct of business and provision of services to our customers. The Group has established a dedicated back-up site, with all requisite infrastructure and services to support our BCP operations. Annual BCP testing was conducted and tested for all Critical Business Functions (“CBF”) as part of operational resiliency in the event of a BCP activation. The Group successfully conducted BCP testing in October 2023 in accordance with Bank Negara Malaysia’s (“BNM”) Business Continuity Management guidelines and internal procedures. This BCP exercise witnessed the mobilisation of 318 HQ staff to ensure comprehensive testing and an accurate reflection of actual operational circumstances, which in turn, facilitated more effective formulation and implementation of remedial actions. 4.3 Cyber Risk As a leading payment solutions provider, the Group is committed to building and strengthening our team through improvement in our digital skills and access to the latest tools and technologies. The Group has placed an intense focus on continually strengthening its cybersecurity stance to safeguard the security and integrity of our systems against cybersecurity threats. The Group has implemented adequate measures to address these ever-evolving threats, in order to ensure protection of its stakeholder data as well as the integrity and availability of its services. The Group continues to enhance its information technology and resiliency capabilities by putting in place further cybersecurity controls. 4.4 Liquidity Risk As indicated in Section 2.6, the Group is in a net cash surplus position and therefore has no net gearing. Short-term purchases for Telco prepaid top-ups are funded with internally generated cash or Banker’s Acceptances. EDC terminal purchases are funded with bank term loans. The Group plans to fund its expansion in the Direct Acquiring business by additional bank term loans and internally generated cash where appropriate. 4.5 Foreign Currency Risk EDC terminals are purchased in USD and therefore can expose the Group to foreign currency risk, as the Group’s functional currency is Ringgit Malaysia. The Group minimises its exposure to foreign currency risk by purchasing USD spot at the time of recording the vendor liability. The Group does not hedge against any foreign currency fluctuations in the net asset value of its overseas subsidiaries as these investments are of a long-term nature. This would, however, be re-visited should a significant event occur that would cause a permanent diminution in the foreign currency denomination of its overseas subsidiaries. 4.6 Credit Risk Credit risk is the potential loss arising from customers’ failing to meet their financial contractual obligations. The Group’s credit risk strategy is to strike a balance between credit quality, earnings and sustainable growth. Periodic reviews of underwriting, credit and recovery policies are undertaken to ensure an acceptable credit risk exposures. 14 GHL SYSTEMS BERHAD 199401007361 (293040-D)
RkJQdWJsaXNoZXIy NDgzMzc=