MISC Integrated Annual Report 2020

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL For the purpose of risk reporting, a breach of risk event is reported to the RMC and BARC on a quarterly basis, complete with action plans to mitigate the relevant risks. In essence, the risk management processes are as follows: • CM CM is an integrated process that aims to prepare an organisation to respond and manage crisis in the risk areas, to protect people, environment, assets and reputation. A three-tiered response system provides the demarcation of roles and responsibilities between emergency site management, business and services units/subsidiary levels management, corporate and internal/external response agencies and/or authorities. Discuss and deliberate key and significant risk events breaching thresholds as well as the proposed mitigations. Provide guidance to management to ensure the Group’s risks are being managed appropriately. Review, discuss and report all risk events breaching thresholds. Review and discuss risk events breaching thresholds as well as the proposed mitigations. Shortlist of key and significant risk events breaching thresholds. Continous monitoring of risk level using the risk registers. The performance of key risks is monitored using KRI. Any change or movement in the KRIs, will provide an early warning. KRIs that breach set thresholds are reviewed by CP before presentation to RMC for discussion on a quarterly basis. Significant breaches and key risk issues are raised to the BARC for discussion and deliberation. Mitigation to eliminate/minimise risk exposures are deliberated at RMC and BARC. Identify risks and existing controls via risk assessment. Establish risk rating based on matrix and record into risk registers. Select appropriate risk treatment option. Risk profiling Risk monitoring Risk reporting Corporate Planning RMC BARC An incident beyond MISC’s capacity to control and consequently requires action from government and/or other external parties. There may be potential for multiple fatalities and severe damage/injury to assets/personnel and the environment involving neighbouring sites and surrounding communities. A situation where there is danger to life and risk of damage to environment, property and reputation. The incident is within the control of business unit/service unit/subsidiary with limited external assistance. A situation where there is no danger to life, nor risk or damage to environment, property and reputation. The incident is within the control of the unit/site with limited external assistance. Group Crisis Management Team led by President/Group Chief Executive Of cer Emergency Management Team led by respective MD/CEO or VP Emergency Response Team led by On-Scene Commander Notification and Escalation Tier 3 Crisis Tier 2 Major incident Tier 1 Minor incident During the year under review, five drill exercises were conducted for emergencies on vessels and offshore facilities. Drill exercises carried out via simulation of test scenarios validate the effectiveness of response plans, as well as promote continuous improvement as identified in the Group Crisis Management Plan. Drill exercise programmes were also being carried out at the respective business units, services units and subsidiaries. • BCM BCM aims to build the capability of the MISC Group to recover and continue the operations of critical business functions in the event of disruption. Business Continuity Planning (BCP) was established through the BCM process to enhance the MISC Group’s preparedness to recover and restore businesses’ critical functions within a reasonable period of time towards sustaining the Group’s activities and minimising disruptions to stakeholders. Simulation exercises of test scenarios validate the effectiveness of recovery strategies, as well as maintain a high level of competence and readiness as identified in the BCP. While BCP simulations are carried out once every three years, Business Impact Analysis and recovery plan reviews are carried out on a yearly basis. The persistence in exercising and maintaining BCP has paid off for the Group when business disruption was successfully avoided during the onset of the COVID-19 pandemic and the consequential enforcement of the Movement Control Order (MCO) by the government. /////// Business Review / Leadership / Governance / Financial Statements / Additional Information / MISC Berhad / Integrated Annual Report 2020 9 298 MISC Berhad / Integrated Annual Report 2020 9 299 / Additional Information / Financial Statements / Governance / Leadership / Business Review /////// Section Section