Yinson Integrated Annual Report 2024

GOVERNANCE | STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

[Figure: ERM process. Stages: Establishing context; Risk control self-assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; Recording and reporting. Supporting activities: Communication & consultations; Monitoring and review.]

Establishing context: The establishment of context defines the scope of the risk management process and sets the criteria to be used for the assessment and evaluation of the risks. The key messages discussed within the context settings include the risk appetite and risk criteria (e.g. reputation, financials, etc.).

Risk identification: The objective of the risk identification process is to identify, recognise, and describe the risks associated with the business function. Various methods can be applied to identify risks during the risk workshop phase. These include conducting strategic planning workshops, management meetings, interviews, and desk research.

Risk analysis: Risk analysis prioritises risks by evaluating their potential impact and likelihood of occurrence, and how they could affect business objectives should they occur.

Risk evaluation: The risk evaluation process involves the identification of existing key controls and assessments on the effectiveness level which will define the residual rating of the risks following the development and implementation of the existing controls.

Risk treatment: This process involves identifying the range of options for treating risks, assessing these options, and prioritising the implementation of treatment plans.

Recording & reporting: The tools that can be used to monitor and review risks include Key Risk Indicators (“KRIs”). The relevant KRIs will be reviewed or populated for the key risks which have material impacts on the Group.

manage the risk profiles associated with its associate companies.
This proactive approach aims to optimise risk mitigation strategies and contribute to the overall success of Yinson GreenTech’s investments.

Risk awareness sessions

Throughout the year, risk awareness sessions were conducted for relevant management and key personnel, fostering a profound understanding of risk processes. These sessions comprehensively covered the ERM Policy Statement and Framework, facilitating discussions on both existing and emerging risks. The ongoing commitment is evident in the continuous refinement of the approach and collaborative efforts to address key ERM areas with risk owners.

Key initiatives include the introduction of mandatory induction sessions for new joiners and the publication of a bi-monthly internal risk bulletin accessible to all internal employees. These initiatives play a pivotal role in disseminating crucial information on risk matters, ensuring stakeholders are well-informed and aligned with the guiding principle of ‘guarding today, ensuring tomorrow’.

ENTERPRISE RISK MANAGEMENT

Enterprise Risk Management Process

The Group ERM Policy Statement and Framework and other relevant risk guidelines are generally aligned with the Principles and Guidelines of ISO 31000:2018, providing a consistent and streamlined approach in implementing ERM across the Group. The structured risk profiling process is set out as below which is in accordance with the ISO 31000 standard:

Enterprise Risk Management Matrix

Within Yinson’s ERM Policy Statement and Framework, each recognised risk is systematically categorised using a risk matrix that specifies the likelihood and impact. The likelihood rating reflects the probability of the risk occurring, while the impact rating indicates the extent of the consequences should the risk materialise. Both measurements, in terms of likelihood and impact, can be expressed qualitatively – guided by definitions and past events – as well as quantitatively, involving defined numerical values or KRIs.