2021 UEM Edgenta Annual Report

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

RISK MANAGEMENT

Managing risks is an integral part of the Group’s daily business activities and management decision-making process. It involves identifying, assessing, monitoring and managing risks and uncertainties that could inhibit the Group’s ability to achieve its strategy and strategic objectives.

Risk Management Framework

The Group has in place a Risk Management Framework (“RMF”) that provides the foundation and organisational arrangement for managing risk across the Group. Principally aligned with ISO:31000, the RMF sets out the context and objectives, emphasising enterprise-wide risk assessment and management encompassing the identification, assessment and measurement, mitigation responses, as well as monitoring, communicating and reporting of risks.

The RMF serves as a tool for managing both existing and emerging risks, with the objective of enhancing and protecting stakeholders’ interests while safeguarding the Group’s assets and reputation.

KEY FEATURES OF RISK MANAGEMENT FRAMEWORK

[Figure: Key features of the Risk Management Framework. Recoverable labels follow.]

Risk Appetite: the amount of risk that the Company is prepared to accept or retain in pursuit of its business objectives and value.

Risk Governance and Structure: Board of Directors; Board Governance and Risk Committee; Risk Management Committee; Risk Management Unit Committee; Risk, Integrity & Compliance Department; Risk Owners (Company/Joint Venture/Business Unit/Division/Department/Function/Project/Process & etc.). Flows labelled in the figure: Policy & review; Information & risk reporting.

Risk Assessment Methodology: Establish context; Clarify objectives; Identify risks; Assess risks; Respond to risks; Monitor, review & report risks; Communicate.

Risk Management Approach

The Group’s risk management approach follows a consistent and systematic process for the identification, assessment, monitoring and reporting of risk exposures. The risk management process is applied throughout the whole of the Group (enterprise level) or to any part of a business (i.e., divisions, departments, functions, business units and projects).

Set/clarify business objectives: Identify and understand the objectives for the Group and/or its business.

Establish the context: Establish the context and boundaries within which the Group and/or the business operates.

Risk Identification: Identify risks together with their respective causes and consequences which could affect/influence the achievement of the Group and/or business objectives.

Risk Assessment: Identified risks are prioritised to determine the overall effect on the Group and/or business by evaluating the potential impact on business objectives should a risk materialise, together with the likelihood of its occurrence. The Group adopts the following risk rating matrix to articulate the relationship between risk impact and likelihood.
Risk Rating (rows: Likelihood; columns: Risk Impact)

Likelihood | Insignificant | Minor  | Moderate    | Major       | Catastrophic
Certain    | Medium        | Significant | Significant | High        | High
Likely     | Medium        | Medium | Significant | Significant | High
Possible   | Low           | Medium | Medium      | Significant | High
Unlikely   | Low           | Medium | Medium      | Significant | Significant
Remote     | Low           | Low    | Medium      | Medium      | Significant

Risk Response: Risk treatment involves developing a range of responses and options for mitigating the risks. The Group adopts the 4Ts (Take, Treat, Transfer & Terminate) strategy in responding to the identified risks and qualifies these risks according to the acceptable levels by the relevant risk owners and stakeholders.

TAKE: Intentionally taking risk due to inherent/unavoidable risk or to pursue/sustain higher returns, with informed approval by the appropriate level.

TRANSFER: Transfer the risk by moving it to a third party, but accountability still resides with the Risk Owners.

TREAT: Mitigation plans established to reduce the likelihood & impact.

TERMINATE: Avoidance by not proceeding or continuing with a particular activity, or by seeking alternative means to achieve the objective.
