Dagang NeXchange Berhad Annual Report 2019

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL DAGANG NeXCHANGE BERHAD 72 The Group has in place a transparent and effective risk governance structure that promotes active involvement of the Board, Audit Committee, the Management team and various lines of defence. This places a uniformed ownership, segregation of duties and accountability of risk management across the Group. The Board and Executive Deputy Chairman (“EDC”) oversees and review the strategic level risk management whilst Chief Financial Officer (“CFO”) and the respective lines of defence are accountable for the conduct of the Group’s business and execute measures and controls to ensure that risks are managed effectively. A Risk Management unit within the Group Finance division is established to maintain a risk register of the Group. The unit on quarterly basis identifies, review and maintain all risk movement and update the risk report for deliberation to Audit Committee. Where representation and input from subsidiary companies are required, management members of subsidiary companies will be invited to attend the quarterly Board and Audit Committee meeting. Risk Management Approach At the Group level, inherent risk factors arising from business operations are continuously identified. These identified risk factors are incorporated into the risk register and individually rated as Catastrophic, Major, Moderate, Minor and Insignificant. The rating process is guided by a matrix of likelihood of occurrence and the associated risk impacts, of which both financial and non-financial consequences are duly considered according to the Group’s risk appetite. Key features of the Group’s risk appetite cover strategic, operational, regulatory, financial, technological and reputational risks. The approach guides the Management team and CFO on balancing opportunities and risk management amongst others on assessment of investment proposals, asset management risk, working capital and project risk exposures of the Group. Thereafter, risk owners will initiate the treatment plans and measures towards achieving a residual risk that is within the acceptable tolerance and implemented aligned to the Board’s approval. INTERNAL CONTROL SYSTEMS The Board acknowledges that the internal control systems are embedded within the Group’s operating activities and exist for fundamental business environments. Various set of standards, structures and processes have been established by the Board and implemented to carry out effective internal control systems across the Group. • Core Values Core values are what define the direction and purpose. The four (4) core values – Lean, Agile, Clean and Enterprising serve as the Group belief system, guiding engagements and relationships with the employees, clients and customers. The Group is also committed to upholding a strong culture of integrity and ethical values, as emphasised in the Employee Code of Conduct. The Code applies to Directors and employees. All employees are required to acknowledge that they have read and understood the Code upon commencement of employment. It is updated as and when necessary to ensure that it remains current and relevant in addressing any ethical issues that may arise within the organisation. All employees are required to sign and adhere to the Employee Confidentiality and Non-Disclosure Agreement upon their appointment. • Human Resource Management and Talent Development Group Human Resource has throughout the year continue to invest in personal and professional growth of the employees. Employees are equipped with the right skills and receives upskilling programmes that enable efficiency and effectiveness in delivering Group’s strategies. Group Human Resource has revisited and improvised the succession planning process flow and framework in order to have an integral talent development who are capable of meeting future organisational needs across the Group. Manpower planning requirement is also carried out, mirroring the approved budget planning in order to optimise manpower and increase productivity. Employee training needs are assessed regularly to close any competency gap and performance management is conducted promptly for continuous improvement. • Establishment of Policies and Procedures Elements of internal control have been embedded and documented in the form of policies and procedures. A set of Group level policies and procedures complete with clear responsibility and accountability are maintained and accessible to employees via our internal portal. It is continuously reviewed and updated to reflect changes in the business environment or regulatory guidelines.