MSM Malaysia Holdings Berhad Annual Report 2021

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Overview of Risk Reporting Architecture is illustrated below:

[Figure: Risk Reporting Architecture. Levels shown: Risk Owners; CGRM; MSM Top Management; Board Committee (AGRC); MSM Board of Directors]

Enterprise Risk Management (ERM) System

The Enterprise Risk Management framework enables the subsidiaries, operating units and support functions to exercise a consistent approach for risk identification and institutes a common platform to deliberate and manage risks.

The Group has in place a continuous and systematic control structure and process for identifying, evaluating and managing significant risks pertinent to the achievement of the Group’s overall corporate objectives. The control structure and process which has been established throughout the Group is updated and reviewed from time to time to suit the changes in the business environment.

Below are the steps of compilation of risk information conducted within the Group:

1. Review & Update (Risk Owner): Review, update the Risk Register (RR) quarterly in line with the company’s strategies and objectives.
2. Review & Approve (GCEO/GCOO/HOO/HOD): Review and approve/reject the RR & the top 10 risk for each subsidiary.
3. Review & Determine (Sector Risk Champion): Review and determine the top 10 risk for the sector.
4. Review & Approve (Sector Head): Review and approve the top 10 risk for the sector.
5. Report to Board (Board): Reporting on quarterly basis.

Review, verify, confirm and revise (Risk Champion): Review, verify, confirm and revise the Risk Register (RR) that has been updated by Risk Owners. Risk Champion selects the Top 10 Risks for the companies every quarter (Select from established Risk Registers).
