202 WASCO BERHAD SECTION 5 COMMITMENT TO GOVERNANCE STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT The Group Risk Management Framework, which is embedded in the management system of the Group, clearly defines the authority and accountability in implementing the risk management process and internal control system. The Management via RMC assists the Board in implementing the process of identifying, evaluating, and managing significant risks applicable to their respective areas of business and in formulating suitable internal controls to mitigate and control these risks. The Management also provides reasonable assurance that the Group’s risks and internal control systems are effective. All business segments and major departments within the Group conducted risk assessments to identify risks relevant to their areas of responsibility. They analyzed the likelihood of these risks occurring, assessed their potential impact, evaluated the risk levels, and identified existing controls and actions needed to manage these risks to an acceptable level. The resulting risk profiles are documented in risk registers, with each business or operational area maintaining its own register. This process is facilitated by the Group Risk Management. The risk assessment report is submitted to the RMC on a quarterly basis. During the quarterly RMC meetings, the significant risk identified by the business units are presented for deliberation. The RMC reports to the BSC on the significant risk affecting the Group as well as any substantial changes in the business and external environment that may impact the key risks identified. Through the BSC, the Board has approved the Risk Management Framework, which outlines the governance structure and assigns responsibilities across various levels of management and operations. The ultimate responsibility for implementing the framework rests with top management and members of the Wasco Berhad Group Management. This implementation is evidenced by the integration of effective risk management practices into relevant business processes, supporting decision making to achieve the Group’s objectives. The RMC primarily develops, executes, and manages the risk management system to ensure that the Group’s corporate objectives and strategies are achieved within its acceptable risk appetite. It reviews, addresses, and responses to significant identified risks, as well as promotes compliance with applicable laws, regulations, rules, and guidelines, while strengthening internal controls and management information systems. Additionally, the RMC reviews monitoring outputs and ongoing evaluations to confirm that identified risks are effectively mitigated and that controls remain robust. Risk Management Process Review and Monitoring Communication and Consultation • Key objective for risk management • Risk Appetite • Identify the risks • Risk Categories • Gross Risk Assessment • Net Risk Assessment • Identify likelihood, Impact and Risk Matrix • Evaluate risk • Determine acceptability • Accept • Avoid • Transfer • Reduce (likelihood and/ or Impact) Establish the Context Risk Identification Risk Assessment Risk Evaluation Risk Treatment Step 01 Step 02 Step 03 Step 04 Step 05
RkJQdWJsaXNoZXIy NDgzMzc=