GHL System Berhad Annual Report 2023

GROUP RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM (Cont’d)

Risk Management (Cont’d)

Risk Governance and Oversight

Risk governance provides a formalised and transparent structure that promotes involvement from the Board and management in the risk management processes to ensure a uniform view of risk across the Group. The three lines of defence that address the specific duties and responsibilities related to risk and control functions coordinated within the Group are as follows:

1st Line of Defence – Risk Taking
The first line of defence shall be managed by Business Units (“BU”) who have day-to-day ownership and management over risks and controls.

2nd Line of Defence – Risk Controlling
The second line of defence supports Senior Management by monitoring and reviewing the first line of defence to ensure risks and controls are properly managed. Essentially, this is a management and oversight function that owns aspects of the risk management and compliance processes.

3rd Line of Defence – Assurance Party
The third line of defence provides assurance to Senior Management and the Board that the first and second lines’ efforts are consistent and meet the expectations. This assurance function is performed by the Group Internal Audit (“GIA”).

In providing an effective oversight function, ARC is assisted by the RMC to review the effectiveness of the risk management, compliance, legal, sustainability and other governance related matters.

1. RMC

The RMC was established in 2012 as a key component of the risk management framework. The RMC, which is headed by the Group Chief Executive Officer (“CEO”), comprises the Group Chief Financial Officer and Group Chief Risk Officer.

The responsibilities of the RMC are as follows:

• To provide oversight of the Group’s significant risks;
• To identify and assess, on an ongoing basis, the risks faced by the Group, and thereafter to design and implement appropriate risk management processes and internal controls to address or mitigate such risks in an effective manner, taking into account the risk appetite and risk tolerance level which the Group is willing to take in achieving its strategic objectives;
• To periodically assess and review the continued effectiveness and appropriateness of risk management processes;
• To continuously promote an effective risk aware culture throughout the Group with written policies and regular communication to and training for the employees and stakeholders; and
• To be accountable and periodically report to the Board, through the ARC, for the design, implementation, and monitoring of the risk management system.
