Board of Directors Risk Management Committee Risk Management Department Head of Departments Risk reporting Risk control, monitoring, reporting Risk identification, assessment, prioritisation Risk Management Process Primary responsibility and accountability on ensuring the risk management framework and internal controls are applied across the Group is overseen by the Group Managing Director and supported by the Group Non-Executive Director, as well as the rest of the members in the RMC. The Board receives reasonable assurance on the effectiveness of the Group’s risk management practices and internal control systems as reported and advised by the RMSC. The RMSC comprises representatives from the Board of Directors and Group Managing Director whom are guided by formalised risk reporting and operational feedback provided by the Risk Management Department. The overall risk reporting process is conducted on a quarterly basis with emphasis on three key focus areas: • Risk Register, encompassing significant and potential risks • Risk rating, recording changes in risk status upon the implementation of mitigation measures; and o The Group Risk Profile, highlighting significant risks and mitigating controls pertinent to the operations of the Group Throughout the financial year, any significant risks highlighted by respective Head of Departments within the organisation are monitored and analysed by the Risk Management Department and reported to the RMSC for their deliberation and management decision. The Board endorses a clear and defined risk organisation structure that outlines key responsibilities held by respective groups as defined below: Roles and Responsibilities Board of Directors • Identify principal risks and ensure implementation of appropriate systems to manage these risks • Determine the risk management policy • Approve risk management philosophy; and • Communication with external shareholders and other stakeholders and • review the risk profile of the Group Risk Management and Sustainability Committee (“RMSC”) • Review and recommend risk management strategies, policies and risk appetite/ tolerance for board’s approval • Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring and controlling risk and the extent to which these are operating effectively; and • Review management’s periodic Group Risk Profile reports on risk exposure and risk management activities Risk Management Department • Review adequacy and effectiveness of risk management process and system; • Review and present to the RMSC, the broad terms risk guidelines and risk appetite of the Group on a quarterly basis • Review identified key risks of the Group’s operations • Report to the RMSC on material and pervasive findings which exceeded the risk appetite • Guide Business/Operations Head in identifying, evaluating and managing key risks; and • Monitor progress of action plans to address key risks identified Risk owners (Head of Department/ Head of Divisions) • Implements the risk management processes approved by the Board • Submits quarterly updates via the risk register to the Risk Management • Department to be presented to the RMSC for review and evaluation • Identifies potential and actual risks associated to their respective process; highlights the risk in the risk register and make appropriate recommendations and controls to mitigate the risk Roles and Responsibilities of Risk Organisation 162 ANNUAL REPORT 2023
RkJQdWJsaXNoZXIy NDgzMzc=