Datasonic Group Berhad Annual Report 2024

CORPORATE GOVERNANCE

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

RISK MANAGEMENT & INTERNAL CONTROL SYSTEMS

Generally, the Group’s risk management and internal control systems are guided by the ISO 31000 Risk Management - Principles and Guidelines and the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) Framework respectively. The key features of the Group’s risk management and internal control system are the three lines of defence model with established functional responsibilities and accountabilities for the management of risks and internal controls of the Group as depicted below:

FIRST LINE OF DEFENCE
• Own, manage and control risks by implementation of internal controls in the business operations and activities.
• Provided by the Executive Directors, the Management and Heads of Department.

SECOND LINE OF DEFENCE
• Coordinate and facilitate risk management activities routinely among the various business units and/or support & administration functions, including monitoring progress of risk mitigation plans.
• Provided by Risk Management function.

THIRD LINE OF DEFENCE
• Perform regular reviews of the Group’s operations and system of internal controls and risk management. Provide independent assurance on the adequacy and effectiveness of the control processes implemented by business process owners and Management.
• Provided by the Internal Audit Department.

RISK MANAGEMENT

Risk Management Framework and Activities

The Group’s risk management framework and methodology is guided by the ISO 31000 Risk Management - Principles and Guidelines represented in brief, as follows:

[Figure: risk management process. Establish Context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication and Consultation; Monitoring and Review]