2021 UEM Edgenta Annual Report

UEM EDGENTA BERHAD ANNUAL REPORT 2021
GOVERNANCE
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

INTEGRITY & COMPLIANCE

Integrity & Compliance are the foundation and values in our day-to-day decision-making and business practices. UEM Edgenta is committed to upholding its integrity and compliance values in carrying out its business operations and has the following framework, policy & procedures in place:

• Code of Conduct
  UEM Edgenta’s Code of Conduct expresses our commitment to build trust in our business ecosystem, and it outlines ethical behaviour standards in our business activities, accompanied by important policy statements.
• Code of Conduct for Business Partners (“COCBP”)
  UEM Edgenta’s Code of Conduct for Business Partners sets the expectations for our dealings with this key stakeholder group.
• Business Partner’s Letter of Declaration (“BPLOD”)
  The Business Partner’s Letter of Declaration has been established to maintain a high standard of integrity in our business operations and ensure business partners embrace the spirit of commitment to integrity and high ethical standards as set out in the UEM Edgenta Code of Conduct for Business Partners.
• Compliance Framework
  The framework aims to establish and embed the culture of ethics and integrity, consistent with the values of the organisation, and promote the culture of commitment to lawful and ethical behaviour.
• Third-Party Risk Management Framework
  This framework is to safeguard the interests of stakeholders by ensuring that third-party risks are adequately and properly managed to mitigate the impact on reputation, operations, and financials of UEM Edgenta.
Compliance checks include:
- Evaluation of the Third-Party’s governance, values, code of conduct, anti-corruption programme and policies
- Checks for evidence of good practice compliance such as independent anti-bribery audits or certification against ISO 37001

Monitor, review and report risks
Risk events and trends have to be continually reviewed, assessed and monitored. Similarly, risk responses are monitored continuously to ensure that risk responses and mitigations remain relevant and are operating as designed and expected.

Communication
Communication is required for an effective risk management programme. Changing business conditions continuously alter the risk profile of the Group and/or business; hence, frequent and explicit conversations about risk are vital to maintain continued awareness and management of key risks.

Summary of Risk Management Activities
Risk management activities undertaken for the financial year at the Group and subsidiary levels to instil a proactive risk management culture and ownership are as follows:

1. Periodic risk awareness briefings and risk management workshops are conducted as continuous efforts to inculcate a proactive risk-aware culture within the Group.
2. Risk Management Status Reports are produced quarterly at the minimum and are presented to the RMC, BGRC and Board for deliberation and approval.
3. Quarterly review and monitoring implementation of risk action plans by RICD to ensure appropriateness and effectiveness.
4. Identification and reporting of emerging, key business risks and mitigation plans to the RMC, BGRC and Board for deliberation and approval.
5. Provides risk management consultation and advisory services to projects, investment and potential business leads.
• Anti-Bribery & Anti-Corruption Policy Statement
  At UEM Edgenta, we strive to uphold our core values and to present ourselves with integrity, ethics, and accountability as essential components which the Company and its employees must harness at both professional and personal levels.
• Anti-Bribery & Anti-Corruption Guide
  UEM Edgenta takes a zero-tolerance approach to bribery and corruption and is committed to adhering to the highest standards of ethical behaviour in the conduct of all its business dealings and relationships. This is an essential guide to manage bribery and corruption risk.
• No Gift Policy
  UEM Edgenta upholds the “No Gift Policy” to avoid actual or perceived conflict of interest, in accordance with UEM Edgenta’s Code of Conduct.
• Conflict of Interest Declaration Procedure
  This procedure serves as a guide to making a declaration on a possible conflict of interest and actions to be taken therefrom.
• Investigation Procedure
  The procedure has established a consistent process to ensure that alleged violations of UEM Edgenta Code of Conduct, policies and procedures, and applicable rules and regulations are assessed and investigated properly, that outcomes are recorded uniformly and in a timely manner, and that any necessary corrective action and/or external reporting is executed appropriately.
• Authorities’ Raid/Visit Procedures
  This procedure sets out the key practical points to be considered in providing an effective response when facing the authorities’ raid.
Whistleblowing Policy and Procedure
UEM Edgenta’s Whistleblowing Policy and Procedure (“WBP&P”) provides an avenue for its employees, stakeholders and members of the public to report any actual or suspected malpractice, misconduct or violation of the Group’s policies and procedures through dedicated and confidential channels (i.e., Whistleblowing Lodgement Form to the Chairman of the Board or Chairman of BGRC or email to the Whistleblowing Committee at whistleblowing@edgenta.com). The WBP&P encourages the reporting of such allegations in good faith, with the assurance that employees or any parties making such reports will be treated fairly, that their identity remains anonymous and that they are protected from reprisal. All allegations are appropriately followed up and outcomes shall be reported in the BGRC meetings.

INTERNAL CONTROLS

The key elements of the internal control system established by the Board that provides effective governance and oversight include:

Policies and Procedures
Written policies are established to guide how a department or an individual within the Group works or behaves and provide guidance to employees as to what their obligations are. Some policies are supported by procedures which describe the steps the employees shall take to produce an output or to complete a process. The policies and procedures also form part of the various management systems which are reviewed and updated periodically to ensure that they remain relevant and reflective of the Group’s operating and business environment. The Group, via its subsidiaries, has in place several Internationally Accredited Management Systems (e.g., ISO 9001 – Quality Management System, ISO 45001:2018 – Occupational Quality Health & Safety Management System, ISO 14001 – Environmental Management System, ISO 13485 – Medical Devices Quality Management System and ISO/IEC 17025 – Laboratory Management System) to standardise its management and operational processes and to further improve its efficiency.
These certifications reflect the Group’s commitment to ensuring quality deliverables to customers, safeguarding the safety and health of employees and safeguarding the environment. The Group has also established a HSSE Management System, comprising HSSE Rules, standard operating procedures and processes, to inculcate a strong HSSE culture and sustainable HSSE performance. This also includes introducing an enhanced UEM Edgenta HSSE Management System Manual which seeks to make the HSSE execution simpler and more aligned within the Group.
