2020 UEM Edgenta Annual Report

RISK MANAGEMENT Risk Management Framework • The RMF provides the foundation and organisational arrangement for managing risk across the Group. It illustrates how risk management is embedded in the organisational systems and integrated at all levels and work contexts, making risk consideration part of our day-to-day decision-making and business practices. • Principally aligned with ISO:31000, the RMF includes scope and objectives, emphasis on enterprise-wide risk assessment and management, and Risk Control Effectiveness Indicators (“RCEI”), which measure the appropriateness and effectiveness of risk countermeasures based on demonstrated/observed improvements on key business, operating and financial parameters. • The RMF aims to: - Establish common risk language, modus operandi and direction with regard to risk management. - Convey the Group policy and attitude to risk management. - Set the policy, methodology, scope and application of risk management. - Detail the process for escalating and reporting risks. - Establish the roles and responsibilities for managing risk. - Facilitate open communication between management and the Board with respect to risk; encourage proactive decision making; and - Build an appropriate culture of integrity and risk awareness. KEY FEATURES OF RISK MANAGEMENT FRAMEWORK RISK APPETITE the amount of risk that the Company is prepared to accept or retain in pursuit of its business objectives and value Risk Assessment Methodology Risk Governance and Structure Board of Directors Board Governance and Risk Committee Information & risk reporting Policy & review Risk Management Committee Risk Management Unit Committee Risk, Integrity & Compliance Department Risk Owners (Company/Joint Venture /Business Unit/Division/ Department/Function/ Project/Process & etc.) Establish context Monitor, review & report risks Identify risks Assess risks Clarify objectives Communicate Respond to risks • The RMF has been communicated to employees of relevant levels and will be reviewed for continuous improvement. UEM EDGENTA BERHAD 140 Governance STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL