Integrated Annual Report 2023

MISC BERHAD, INTEGRATED ANNUAL REPORT 2023, GOVERNANCE SECTION 12

The PME constantly reviews the execution of the project against the project execution plan, which includes the planned programme, procurement schedule, factory test schedule and commissioning schedule. The PME also provides regular reporting to management on progress and escalates pertinent issues.

The Offshore Business’ PD&T provides support and oversight for all project phases from the bid, through Front End Engineering Design (FEED) and execution until handover to the asset management team. During project execution, the team will carry out regular project reviews and risk assessments and formulate risk mitigation to ensure that appropriate actions are taken in a timely manner. Independent reviews, which may include external experts if required, are performed during the project execution phase, led by MISC’s GIA.

Information & Communication Technology (ICT)

MISC Group has largely implemented the Enterprise ICT systems and corporate applications to automate its core business functions and processes. These systems run on ICT platforms and network infrastructure that connect all businesses within the Group. With the implementation of Cloud services, Group ICT has continued to expand its digital footprint in pursuit of operational and service excellence. Group ICT continues to innovate while managing ICT risks for MISC Group by developing its strategic roadmap and governance framework.

ICT Strategic Plan and Priorities

MISC Group has developed the ICT Strategic 5-year plan which aims to build business resiliency and enable further digitalisation for MISC and the Group via these intended outcomes:

• Strengthening the core by enhancing core services to enable business transformation;
• Building a data driven organisation and culture to drive business competitiveness; and
• Driving business innovation via emerging technology to unlock new value and business growth.
ICT Risk and Governance

The Information Technology Programme Committee (ITPC) serves as the central platform for the Group in evaluating and monitoring ICT strategic investments. ITPC provides management oversight and business alignment on ICT strategic initiatives. Progress of the various ICT strategic initiatives is reported at the ITPC meetings, where assessment and monitoring of progress and performance measurement of these initiatives are conducted to ensure smooth and successful implementation.

MISC Group has established the ICT Unified Control Framework (UCF) that defines the minimum standards to operate and measure the effectiveness of ICT controls for all ICT functions across the Group. This is to ensure that Group ICT operates at its highest potential, minimises risks and improves Information Technology (IT) governance.

Group ICT enhances its project management capabilities by having a dedicated ICT Project Management Office (PMO) function. PMO provides management oversight on all ICT projects to ensure project delivery is done within budget, schedule and resources. The Group ICT PMO establishes the ICT Project Management Handbook by adopting the Project Management Body of Knowledge (PMBOK) standard for project deliveries.

Two main functions of Eaglestar’s PME are:

• Project engineering team, which mainly provides technical support in project bidding and contracting, feasibility and conceptual studies, retrofitting and modification projects; and
• Project management team, which handles project execution post contract signing, engineering review, supervision, guarantee claim management and appraisal of builders’ performance depending on agreed scope of work with the project owner.

Statement on Risk Management & Internal Control

Cybersecurity

A five-year MISC Cybersecurity Strategic plan has been formulated under MISC Sustainability Strategy (Governance Pillar) to provide the roadmap for the continuous maturity of cybersecurity in MISC.
The strategy aims to reach a Tier-3 NIST (National Institute of Standards and Technology) maturity level and to achieve ISO27001. This strategy is based on the internationally recognised NIST Cybersecurity Framework (CSF) and International Maritime Organization (IMO)/Tanker Management Self-Assessment (TMSA)/Baltic and International Maritime Council (BIMCO) Cybersecurity Framework. Furthermore, MISC Group is also adopting mandatory requirements from International Association of Classification Societies (IACS) for its maritime assets as required by July 2024.

A formal cybersecurity team has been established and is led by a qualified Chief Information Security Officer (CISO) reporting to the Group HSSE & Sustainability Council. The CISO office provides management oversight in line with the cybersecurity strategy. A 24/7 Security Operating Centre is established to monitor and respond to any possible cybersecurity event.

Cybersecurity risks are being addressed through the adoption of the following strategies:

• Cybersecurity Governance: The cybersecurity governance framework outlines the policies and procedures, specifies the cybersecurity control standards and ensures a consistent approach to managing cybersecurity for the Group.
• Cybersecurity Risk Management: Cybersecurity risks are managed by the team based on a group-wide methodology. All projects and implementation of IT/Operational Technology facilities will be assessed and remediated prior to handing over to operation. Regular assessments are conducted to identify changes in risk profiles and ensure continuous improvement.
• Cybersecurity Culture: Formal and structured cybersecurity campaigns and awareness programmes are conducted, combining MISC Group internal cybersecurity training and email phishing campaigns. Ongoing cybersecurity announcements provide security alerts and updates on cybersecurity incidents, developing a security culture where everyone understands that cybersecurity is everyone’s responsibility.
• Cybersecurity Technology: MISC Group adopts proven and cost-effective technology solutions in detecting and preventing cyber attacks, as well as responding to and recovering from cyber attacks. These technologies comprise Artificial Intelligence, cloud computing and data analytics and are revised regularly to reduce MISC Group’s risks from cyber attacks.

The progress of all initiatives is reported regularly to the Group HSSE & Sustainability Council. The Board has been apprised of MISC’s Cybersecurity strategy.

Human Resource

MISC Group places great emphasis on nurturing a sustainable and healthy talent pool and promotes a high-performance culture that will support the Group’s strategic goals. Our talent attraction and retention strategy involves establishing a stringent recruitment process to identify the right candidate, developing our employees through a series of structured development programmes and recognising and rewarding talents based on merit. Our recruitment processes actively ensure that critical positions are filled within the stipulated time to enable business continuity. MISC Group has also introduced a contingent workforce, which allows the Group to access talents on a different working arrangement.

Our Performance Management System supports our vision to build a high-performance culture, with performance indicators that align to the Group’s strategic goals. Progress is regularly tracked through performance reviews that are done twice annually. We have re-introduced expectation settings and quarterly check-ins to ensure clarity in what employees need to achieve, keep track of the progress and lend support where required. Action plans to address employees’ developmental requirements are prepared and implemented in a timely manner.

A structured Succession Planning framework was developed and implemented to identify and develop a leadership pipeline in the Group. The Succession Planning framework takes into account the potential successor’s performance track record, leadership capability and display of the MISC Group cultural beliefs. The Succession Planning framework also provides development plans to be mapped appropriately for each potential successor in order for them to be ready to assume critical positions as the opportunity arises. A special talent review session led by the Management Development Committee is conducted annually to assess and gauge the identified talent pool’s suitability as well as their readiness level for the proposed critical position.

To ensure that the Group has the right competency and capability, a structured Functional Competency and Leadership Competency framework is applicable to all employees in the Group. The objective of the Functional Competency and Leadership Competency framework is to have a competent