Integrated Annual Report 2023 2 3 4 5 6 7 8 9 1 245 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Business Continuity Management UEM Edgenta maintains an unwavering commitment to fortifying organisational resilience through the implementation of a robust Business Continuity Management (“BCM”) program. This strategic initiative aligns with the organisation’s ongoing efforts to ensure the sustainability of operations and the seamless delivery of essential services, even in the event of crises or disasters. Key components of this commitment include the development and implementation of comprehensive plans such as Business Continuity Plan (“BCP”), Crisis Management Plan (“CMP”), Disaster Recovery Plan (“DRP”), Crisis Communication Plans (“CCP”), Emergency Response Plan (“ERP”), Pandemic Plan (“PP”), Cyber Incident Response Plan (“CIRP”) and other measures aimed at supporting the continuous functioning of business operation. As part of the ongoing enhancement of the BCM program, UEM Edgenta has initiated the ISO 22301:2019 BCMS Certification exercise, reinforcing its dedication to ensuring business continuity and resilience. To further solidify this initiative, UEM Edgenta has been selected under the 12th Malaysia Plan (Rancangan Malaysia Ke-12) by Cybersecurity Malaysia under the Ministry of Communication & Digital to obtain the Business Continuity Management System (“BCMS”) certification. Human Resources Management UEM Edgenta’s internal controls are realised and supported by a formal organisational structure. This official structure is made of defined lines of authority, responsibility and accountability. These lines of authority, responsibility and accountability are continuously and transparently updated and improved to demonstrate good governance. Talent acquisition standard operating procedures and guidelines are established within UEM Edgenta and its subsidiaries. This is to ensure the selection of suitable candidates who meet the job requirements and core competencies for the role in UEM Edgenta. Potential candidates will go through a structured recruitment process which includes interviews by the hiring manager and relevant stakeholders; and for certain roles, additional assessments would be applicable. A thorough and complete preemployment background screening which includes medical screening, checks on past employment records, education and qualification records, credit records, criminal records, directorship and reference check, would be performed before the job offers are issued. This is a control measure to minimise the risk to the Company. To ensure that we are able to develop a capable, agile and competitive workforce, employees are provided with structured internal technical and soft skills training, mobility opportunities and external development programmes, as well as professional certification opportunities for identified employees. Technical skills training is also prioritised through the development of a technical competency framework and subsequent development interventions. These interventions are tied back to the Individual Development Plan of our employees. Management Information System (“MIS”) UEM Edgenta places a paramount emphasis on prioritising cyber security to safeguard its digital infrastructure and incorporates effective governance measures. This commitment is reflected in the implementation of robust access controls and the execution of security audits which form integral components of the governance framework. By adopting this proactive approach, the Group aims to not only meet industry best practices but also fortify its defence against evolving cyber threats. The Group employs a discerning strategy that strikes a delicate balance between harnessing the advantages of cloud technology and ensuring the utmost confidentiality and integrity of its data assets. This entails a continuous cycle of assessments and updates, where the Group meticulously evaluates the evolving landscape of cyber risks and adjusts its security measures accordingly. The proactive stance towards cloud technology use underscores the Group’s commitment to staying ahead of potential vulnerabilities while leveraging the efficiencies and flexibility offered by cloud-based solutions. In essence, the Group’s comprehensive approach to cyber security underscores its dedication to not only meeting compliance standards but also staying at the forefront of technological advancements, thereby fostering a resilient and secure digital environment. Disaster Recovery Planning The Business Continuity Management (“BCM”) process within the Group extends to encompass Disaster Recovery Planning (“DRP”), aimed at ensuring the utmost security for data, systems, and applications stored in the cloud. UEM Edgenta places emphasis on the swift and efficient retrieval of company data, a pivotal aspect of its strategy for maintaining seamless business continuity. The emphasis on quick access to data is instrumental in minimising downtime
RkJQdWJsaXNoZXIy NDgzMzc=