STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL RISK MANAGEMENT MODEL & PILLAR The key areas under the GRC’s purview can be portrayed in the following pillars: Management of Risk Automation Solution Responsible to review risk processes within the Group and continuously enhance the risk process through automated solutions. Risk Assessment, Monitoring, Review & Reporting Conduct quarterly risk assessment reviews on all the business functions within the Group. Conduct ad hoc risk review on new or existing projects and business functions. Risk Awareness & Communication Create awareness and seamless communication pertaining to the risk review and assessment process within the Group. Crisis Management Plan Formulate and establish Crisis Management Plan. KEY DEVELOPMENTS IN FYE 2022 Renewable Energy Risk Profile As the Group is expanding with the establishment of the Renewables Division, it is crucial to understand and manage the overall risk landscape within the renewable energy segment. The GRC Department commenced the development of the renewable energy risk profile in Q4 2021 with the Renewables Division and completed the development of the risk profile and action plans. This risk profile was presented to the MC in February 2022 for feedback and concurrence. Enhancement of ERM Division Policy & Framework The GRC Department reviewed and revamped the ERM Policy & Framework taking into consideration the new business segments (i.e. Renewables and Green Technologies) in Q4 2021. Several key enhancements that were made are as follows: • Decentralisation of quarterly risk assessment process Designated risk coordinators have been appointed for the various business segments and entities to facilitate the internal risk assessment with input from the GRC Department. • Enhancement to the existing risk matrix The enhanced risk matrix provides more granularity in its categorisation, which will enable the Group or respective business divisions to mitigate risks more effectively. • Scope of risk assessment Ensuring that the risk evaluation and assessment process includes the newly ventured business divisions i.e. Renewables. Embarking into automating the risk management process The Group is embarking into the automation of the risk management process through the implementation of an IT risk management system to manage risk profiles and register data. The implementation of the risk management system will allow the Group to utilise a single risk repository system to capture more accurate risk data, enhance the risk dashboard and facilitate access to live risk information. The system can also integrate with other relevant operating systems to enable risk monitoring in a more effective manner. Conduct risk assessment review for Yinson’s Kuala Lumpur, Miri & Nigeria offices During the quarterly review of the Group risk profile, energy transition risk was added as part of the Top 5 Risks given that the Group is committed to manage the energy transition landscape which will result in emerging risks as well as opportunities across the Group. 201 ANNUAL REPORT 2022 GOVERNANCE
RkJQdWJsaXNoZXIy NDgzMzc=