Yinson Annual Report 2022

Three Lines of Defence Model

The Group adopts a ‘Three Lines of Defence’ approach for its risk management. It provides an overview of the Group’s operations from a risk management perspective while assuring the ongoing success of risk management initiatives.

1st line of defence – Own and manage day-to-day risks inherent in business activities including that of risk taking.

2nd line of defence – Establish, implement, maintain, and review effectiveness of risk management and the controls. In addition, they provide overall risk governance and oversight as well as challenging the assessment of 1st line, where applicable.

3rd line of defence – Provide an independent assurance on the overall integrity, adequacy and effectiveness of the risk management and internal control system noted during the risk evaluation process.

Lines of defence / Governance structure / Descriptions

3rd line of defence
Governance structure:
Board of Directors (“Board”)
Board Risk & Sustainability Committee (“BRSC”)
Board Audit Committee (“AC”)
Internal Audit function (“IA function”)
Descriptions:
• Governance of ERM Policy Statement & Framework, oversee overall risk management processes, communicate with stakeholders and shareholders and review risk profile.
• BRSC - Oversee and approve Company-wide risk management and sustainability practices.
• AC - Provide an objective view and independent report on the effectiveness of ERM and internal control to the Board.
• IA - Provide Independent Audit Report on ERM and internal control effectiveness and follow up on status of managements’ action plans.

2nd line of defence
Governance structure:
Management Committee (“MC”)
Group Chief Strategy Officer (“CSO”)
Group Governance, Risk and Compliance (“GRC”)
Descriptions:
• MC - Monitor ERM Policy implementation, risk reporting and action plans and manage the business of the Group on an overall basis.
• Assist the MC in managing risk-related measures or issues/concerns.
• Monitor and report all types of risks to the MC and BRSC.

1st line of defence
Governance structure:
Risk Owner
Offshore Production Division
Renewables Division
Green Technologies Division
Offshore Marine Division
Corporate
Descriptions:
• Manage risks of their day-to-day operations and ensure all controls documented within the risk assessment process are practised accordingly.
• Manage risks effectively prior to the risk being escalated to the 2nd line of defence.

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL 200 YINSON HOLDINGS BERHAD GOVERNANCE
