UEM EDGENTA BERHAD ANNUAL REPORT 2021 1 2 3 4 5 6 7 MANAGEMENT DISCUSSION & ANALYSIS 61 60 KEY RISKS AND MITIGATION KEY RISKS AND MITIGATION Risk Description REGULATORY COMPLIANCE RISK Regulatory compliance risk relates to noncompliance with or arising from revisions in regulations, laws, Government policies, etc. Non-compliance may impact the Group’s business operations, legal and regulatory penalties, financial implications and reputational damage. • A sizeable portion of our businesses are concessions, especially Healthcare Support and Infrastructure Services, and are subject to a broad range of rules and regulations. • Potential exposure to non-compliance and litigation given the Group’s geographical diversity of its business and customers. • Adherence to good corporate governance practices, regulatory and listing requirements in upholding of integrity throughout our business undertakings and proceedings. • Any adversity could result in the suspension of necessary authorisation, licence and/or rights. Lack of regulatory certainty impacts our operations, reputation, and investment decisions. Context Mitigation • The Group has in place service level agreements and contracts to govern contractual agreements with its customers, contractors and vendors. • Regular review assessments undertaken to ensure compliance at all times, with continuous updates on policies and procedures to ensure adequacy, effectiveness and relevance. • Instill a culture of integrity & compliance within the organisation, with the enforcement of internal processes to operations. • Maintain close collaboration with regulatory bodies on emerging legal & regulatory requirements and industry standards & practices. • Have in place appropriate Whistleblowing channels as an avenue for employees, stakeholders and members of the public to report any actual or suspected malpractice, misconduct or violation of Group’s policies and procedures. Risk Description PEOPLE RISK Obtaining and fostering an engaged and talented team that has the knowledge, training, skills and experience to deliver our strategic objectives is vital to our success. Difficulties in attracting, integrating and retaining of talents and competencies required may impact UEM Edgenta’s sustainable growth and performance. • People are one of our greatest assets and key pillars of success for the Group as it underpins our ability to implement the Group’s strategies and deliver the required services and deliverables to our customers and stakeholders. Context Mitigation • We are establishing an Employee Value Proposition to offer the best experience for our employees in exchange for productivity and high performance. We not only hire the right talent, but also retain the best talent by continuously benchmarking against competitive industry practices. • Succession planning framework and plan in place to identify and develop appropriate talents for mission critical positions. • Continuous training and development programmes to be undertaken by Edgenta Academy to upskill and reskill our people, equip them with new talents and knowledge. Risk Description MANAGEMENT INFORMATION SYSTEM RISK Management information system risk is linked to the Group’s expansion and growing footprint into the IT environment and digitalisation, and increased reliance on the internet as well as increased instances of remote/offsite network access. Any major infrastructure failure, cyberattacks or breaches may cause operational disruptions to UEM Edgenta’s operations. • Organisation-wide, we see technology as a key enabler and the biggest game changer which will allow UEM Edgenta to productise existing technology solutions, develop digital healthcare solutions, optimise resources, reduce costs, increase productivity and improve our offerings for better customer and operational outcomes. • Due to the growing connectivity of our systems, there is an increasing risk of exposure to cyber threat, malicious threats to corporate cloud networks, breach of information security, compromised data integrity and privacy, and prolonged disruption of the IT ecosystem. Context Mitigation • Continuous monitoring and strengthening of IT security measures via cyber security solutions covering the network, application, information, end-user and data security. This includes the enhancement of cloud security, monitoring of critical information, security control (utilising infrastructure security protection solutions via firewall, anti-spam/virus, vulnerability assessment, penetration tests, etc). • Regular trainings and constant updates related to cyber threats are provided to all employees to maintain awareness level. • Disaster Recovery Plan in place to ensure continuity of key business operations in the event of information and communications technology failure such as malicious activities, cyber-attacks, malware or major equipment malfunction.
RkJQdWJsaXNoZXIy NDgzMzc=