2019 UEM Edgenta Annual Report

Statement on Risk Management and Internal Control

Risk Management Committee

• The Risk Management Committee (“RMC”) assists the Board in ensuring a sound and robust Risk Management Framework (“RMF”) to achieve the Group’s strategic objectives and safeguard shareholders’ investments and its assets. Terms of Reference were established and endorsed by the Board to govern its responsibilities and activities.
• The RMC is chaired by the Group’s Managing Director / Chief Executive Officer and consists of Head of Companies of the Group and co-opted members from the management team of the Group. The RMC undertakes the following responsibilities:
- Review and recommend risk management policies and procedures for the approval or acknowledgement of the ARC and Board;
- Act as Primary Champion of risk management at strategic and operational levels;
- Review the on-going adequacy and effectiveness of the risk management process;
- Review the consolidated risk registers to identify significant risks and whether these are adequately managed; and
- Ensure that the ARC and Board receive adequate and appropriate information for review and decision-making respectively.
• The RMC is assisted by the Risk, Integrity & Compliance Department (“RICD”) (formerly known as Risk Management and Compliance Department), which is primarily responsible for the implementation of the RMF and operationalisation of risk management processes and practices. A Charter, which defines RICD’s responsibilities, scope and authority for the Group, has been established and endorsed by the ARC and Board.

Company Values

The Group is intensifying the communication and inculcation of the Group’s values: “Enterprising, Teamwork, Integrity, Passion and Success” amongst its employees through description of key behaviours and roll out via leaders and supervisors.

Policies and Procedures

Written policies are established to guide how a department or an individual within the Group works or behaves and provide guidance to employees as to what their obligations are. Some policies are supported by procedures which describe the steps the employees shall take to produce an output or to complete a process. The policies and procedures also form part of the various management systems and are reviewed regularly and updated when necessary. Briefings and trainings are frequently held to enhance employees’ awareness of the policies and procedures.

The Group has dedicated teams to carry out Quality Assurance / Quality Control, Safety, Health and Environment activities. Those teams monitor compliance with the established internal Policies and Procedures, International Management System Standards (ISO 9001 – Quality Management System, OHSAS 18001 – Occupational Quality Health & Safety Management System, ISO 14001 – Environmental Management System, ISO 13485 – Medical Devices Quality Management System, ISO / IEC 17025 – Laboratory Management System), contracts and relevant legal requirements.

UEM Edgenta has established an HSSE Management System to inculcate a strong HSSE culture and sustainable HSSE performance. The HSSE Management System comprises HSSE Rules, SOPs and processes. This also includes introducing an enhanced UEM Edgenta HSSE Management System (“MS”) Manual which seeks to make HSSE execution simpler and more aligned within the Group.

Subsidiaries within the Group have implemented several Internationally Accredited Management Systems to standardise their management and operational processes and to further improve their efficiency. The following subsidiaries have been awarded various Management System certifications:

• Edgenta PROPEL Berhad
- ISO 9001:2015
- ISO 14001:2015
- OHSAS 18001:2007
• Opus International (M) Berhad
- ISO 9001:2015
- ISO 14001:2015
- OHSAS 18001:2007
• Edgenta Mediserve Sdn. Bhd.
- ISO 9001:2015
- ISO 14001:2015
- OHSAS 18001:2007 / MS 1722: Part 1:2011
- ISO 13485:2016 / EN ISO 13485:2012
• Edgenta Environmental & Material Testing Sdn. Bhd.
- ISO 9001:2015
- ISO 14001:2015
- OHSAS 18001:2007
- ISO / IEC 17025
• Edgenta GreenTech Sdn. Bhd. (formerly known as KFM Holdings Sdn. Bhd.)
- ISO 9001:2015
- ISO 14001:2015
- ISO 45001:2018

These certifications reflect the Group’s commitment to ensuring quality deliverables to customers, safeguarding the safety and health of employees and safeguarding the environment.

Risk Management

Risk Management Framework

• The RMF provides the foundation and organisational arrangement for managing risk across the Group. It illustrates how risk management is embedded in the organisational systems and integrated at all levels and work contexts, making risk consideration part of our day-to-day decision-making and business practices.
• Principally aligned with ISO31000:2010, the RMF includes scope and objectives, emphasis on enterprise-wide risk assessment and management, and Risk Control Effectiveness Indicators (“RCEI”), which measure the appropriateness and effectiveness of risk countermeasures based on demonstrated / observed improvements on key business, operating and financial parameters.
• The RMF aims to:
- Establish common risk language, modus operandi and direction with regard to risk management;
- Convey the Group policy and attitude to risk management;
- Set the policy, methodology, scope and application of risk management;
- Detail the process for escalating and reporting risks;
- Establish the roles and responsibilities for managing risk;
- Facilitate open communication between management and the Board with respect to risk;
- Encourage proactive decision making; and
- Build an appropriate culture of integrity and risk awareness.
• The RMF has been communicated to staff of relevant levels and will be reviewed for continuous improvement.

KEY FEATURES OF RISK MANAGEMENT FRAMEWORK

[Figure: key features of the Risk Management Framework. Labels: Risk Appetite (the amount of risk that the Company is prepared to accept or retain in pursuit of its business objectives and value); Risk Assessment Methodology; Risk Governance and Structure; Board Governance and Risk Committee.]

[Figure: risk governance structure. Labels: Board of Directors; Risk Management Committee; Risk, Integrity & Compliance Department; Risk Management Unit Committee; Risk Owners (Company / Joint Venture / Business Unit / Division / Department / Function / Project / Process & etc.); Policy & review; Information & risk reporting.]

Risk Management Approach

• The Group adopts a formal and structured approach for the risk assessment process.
• The methodology comprises sequential steps of risk management activities that are interrelated and iterative. The process is applied to the whole of a business (enterprise level) or to any part of a business (divisions, departments, functions, business units, projects, processes).

[Figure: risk management process. Labels: Clarify objectives; Communicate; Monitor, review & report risks; Respond to risks; Establish context; Identify risks; Assess risks.]
