Statement on Risk Management and Internal Control BOARD RESPONSIBILITY The Board of Directors (“Board”) recognises the importance of sound risk management and internal control practices for good corporate governance. The Board affirms its responsibility for ensuring the Group’s system is able to adequately and effectively manage significant risks. The Group has in place an ongoing process for identifying, evaluating and managing significant risks through a framework, which includes a reporting structure. This is supported through a Risk Management Committee (“RMC”) that meets quarterly, receiving risk management updates and taking necessary actions to ensure that risks are managed within the acceptance levels of the company within which they reside. The Group’s system of internal control is designed to manage and mitigate risks appropriately, rather than eliminate the risk of failure to achieve business objective. Due to the inherent limitations in all control systems, these control systems can only provide reasonable and not absolute assurance. The Board has received reports from the RMC via the Governance, Compliance and Risk Committee (“GCRC”) that the Group’s risk management and internal control system is operating adequately and effectively in all material aspects based on the existing risk management and internal control system of the Group in financial year 2023 (“FY 2023”). Based on the reports received from the RMC via GCRC and the reports from various sources (including both internal and external auditors), the Board is of the view that the system of risk management and internal control are in place for FY 2023 and up to the date of approval of this statement is adequate and effective to safeguard shareholders’ interest in the Group, interest of customers, regulators, employees and the Group’s assets. In addition, the Board also received assurances from the Group Chief Executive Officer and Group Chief Financial Officer that the Group’s risk management and internal control system are operating adequately and effectively in all material aspects, based on the risk management model adopted by the Group. RISK MANAGEMENT COMMITTEE The RMC being the sub-committee of the GCRC was established by the Board towards ensuring a sound system of risk management framework is embedded into the culture, processes and structures of the Group. The RMC provides oversight on the effectiveness of the Group’s policies and processes in identifying, evaluating and managing the Group’s risks. The RMC is chaired by the Group Chief Financial Officer and made up of the Senior Management Team of the Group’s significant business segments. The principal responsibilities of the RMC include:- • Reviewing the Group Risk Management Framework, as and when necessary, for approval by the GCRC and the Board; • Ensuring that the processes to identify, assess, treat, monitor and report on all material business risks are functioning as designed; • Maintaining and reviewing both the Group’s top risks and segmental / business unit risk profiles with the assistance from the Group Risk Management every quarter; • Providing guidance and direction to the Business Units on the adequacy and effectiveness of internal control system for the identification and mitigation of material business risks; and • Undertaking any other risk management tasks as may be delegated to the committee by the board. KEY ELEMENTS AND PROCESSES ON RISK MANAGEMENT AND INTERNAL CONTROLS The key elements and processes that have been established in reviewing the adequacy and effectiveness of the risk management and internal control system include the following:- Integrated Annual Report 2023 142
RkJQdWJsaXNoZXIy NDgzMzc=