Integrated Annual Report 2023

MISC BERHAD
GOVERNANCE SECTION 12

Statement on Risk Management & Internal Control

Risk Oversight Structure

Levels: Board Level; Management Level; Business Unit/Service Unit/Subsidiary

Board of Directors
• Responsible for the overall oversight of the Group’s risk management systems and activities.

BSRC
• Reviews the adequacy and effectiveness of MISC’s Risk Management Framework and on-going activities for identifying, evaluating, monitoring and mitigating risks.
• Reviews the Group’s risk tolerance level.

RMC
• Provides a reasonable level of assurance to the BSRC that the Group’s risks are being managed appropriately.

Corporate Planning (CP)
• Reviews and monitors risk reporting quarterly
• RMC secretariat

Risk Owners
• Responsible for implementing risk management processes at respective units/subsidiaries.

RISK MANAGEMENT COMMITTEE

The RMC was established to review and monitor the Group’s risk management practices. It is primarily responsible for driving the implementation of the risk management framework and acts as the central platform for the Group. The RMC holds quarterly meetings to review the key risks and at the same time ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. These are then further deliberated at the BSRC and finally reported to the Board on a quarterly basis.

• Assist the management in identifying principal risks at Group level and provide guidance and direction in the implementation of group-wide Enterprise Risk Management (ERM) to protect and safeguard MISC’s interest.
• Review and recommend policies and frameworks specifically to address risks inherent in all business operations and environments pertaining to the Group.
• Review, deliberate and recommend mitigation actions to ensure that the Group’s risks are being mitigated effectively.
• Provide a reasonable assurance to the BSRC that the Group’s risks are being managed appropriately.

Risk Policy

MISC’s Risk Policy guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the ever-changing risks faced by the Group and specific measures to mitigate these risks. The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from prolonged business disruption to ensure continuity and sustainability of key business activities as well as delivery of business objectives. It also outlines the general principles for making risk-based decisions, thus strengthening MISC Group’s position as a risk-resilient organisation.

MISC is committed to become a risk-resilient organisation. MISC shall continuously strive to implement:
• Risk management best practices to protect and create value within the set boundaries; and
• Risk based decision-making by providing a balanced and holistic view of exposure to achieve business objectives.

Managing risk is everyone’s responsibility.

Risk Management Framework

The Group’s risk management framework is used to identify, evaluate and manage the principal risks of the Group as described in Risks and Mitigations Strategies on pages 66 to 69 of this Integrated Annual Report. Appropriate internal control systems are also implemented to manage these risks, details of which are set out in the following pages.

Risks across the Group are managed on an integrated basis within stipulated and approved risk management governing documents and LOA. This includes incorporating risk evaluations and assessments in the decision-making process. The risk governing documents as set out below provide a structured and consistent approach in the implementation and institutionalisation of risk management practices across the Group.

• MISC Risk Policy: Defines the goals, purpose and commitment on risk management
• Enterprise Risk Management Framework: Sets out the foundation of ERM practices to assess, treat, monitor and review risks
• Project Risk Assessment Framework: A tool to assess risk associated with a project in various stage-gates
• Risk Assessment in Decision-Making Guideline: Guide to achieve comprehensive and pervasive risk-based decision-making
• Enterprise Risk Management Process Manual: Structured approach in developing and managing risks through effective monitoring and reporting
