2023 UEM Edgenta Annual Report

Section 7 GOVERNANCE, UEM Edgenta Berhad

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Summary of Risk Management Activities

Risk management activities undertaken for the financial year at the Group and subsidiaries to instil a proactive risk management culture and ownership are as follows:

- Periodic risk awareness briefings and risk management workshops are conducted as part of continuous efforts to inculcate a proactive risk-aware culture within the Group.
- Risk Management Status Reports are produced quarterly at the minimum and are presented to the RMC, BGRC and Board for deliberation and approval.
- Quarterly review and monitoring of the implementation of risk action plans by RICD to ensure their appropriateness and effectiveness.
- Identification and reporting of emerging, key business risks and mitigation plans to the RMC, BGRC and Board for deliberation and approval.
- Provision of risk management consultation and advisory services to projects, investment and potential business leads.

INTERNAL CONTROLS

The key elements of the internal control system established by the Board that provide effective governance and oversight of internal control include:

Policies and Procedures

Written policies are established to guide how a department or an individual within the Group works or behaves, and they provide guidance to employees as to what their obligations are. Some policies are supported by procedures which describe the steps the employees shall take to produce an output or to complete a process. The policies and procedures also form part of the various management systems, which are reviewed and updated periodically as part of continual improvement to ensure that they remain relevant and reflective of the Group’s operating and business environment.

The Group, via its subsidiaries, has in place several Internationally Accredited Management Systems (e.g., ISO 9001:2015 – Quality Management System, ISO 45001:2018 – Occupational Quality Health & Safety Management System, ISO 14001:2015 – Environmental Management System, ISO 13485 – Medical Devices Quality Management System and ISO 39001:2012 – Road Traffic Safety Management System) to standardise its management and operational processes and to further improve its efficiency. These certifications reflect the Group’s commitment to ensuring quality deliverables to customers, safeguarding the safety and health of employees and safeguarding the environment.

The Group has also established an HSSE Management System, comprising HSSE Rules, standard operating procedures and processes, to inculcate a strong HSSE culture, behaviour and sustainable HSSE performance. This also includes introducing an enhanced UEM Edgenta HSSE Management System Manual, which seeks to make HSSE execution simpler and more aligned within the Group.

The Group has dedicated teams to carry out Quality Assurance/Quality Control, and Health, Safety and Environment activities to ensure continuous improvement of processes and ongoing compliance with the established internal policies and procedures, International Management System Standards, contracts and relevant legal and other requirements.

Organisational Structure

The organisational structure of the Group is clear and detailed, defining the roles, responsibilities and reporting lines of the various Committees of the Board; Management of the Corporate Office and subsidiaries; departments and individuals. The Board appoints the Managing Director/Chief Executive Officer of the Group, Chief Financial Officer, Chief Strategy Officer, Chief People Officer, Chief Digital Officer, and Heads of Divisions/Business within the Group, as well as holders of mission-critical positions.

The organisational structure is reviewed regularly to assess its effectiveness and to ensure that it is in line with any changes in business requirements.