Datasonic Group Berhad Annual Report 2020

DATASONIC GROUP BERHAD | ANNUAL REPORT 2020 (Registration No. 200801008472 (809759-X))

Statement on Risk Management and Internal Control (Cont’d)

RISK MANAGEMENT & INTERNAL CONTROL SYSTEMS

The key features of the Group’s risk management and internal control system are the three lines of defence, with established functional responsibilities and accountability for the management of risks and internal controls, as depicted below:

FIRST LINE OF DEFENCE
• Own, manage and control risks by implementation of internal controls.
• Provided by the Executive Directors, Management and Heads of Department.

SECOND LINE OF DEFENCE
• Coordinate and facilitate risk management activities routinely among the various business units and/or support & administration functions, including monitoring progress of risk mitigation plans.
• Provided by Risk Management Function.

THIRD LINE OF DEFENCE
• Perform regular reviews of the Group’s operations and system of internal controls and provide independent assurance on the adequacy and effectiveness of the control processes implemented by business process owners and Management.
• Provided by the Internal Audit Department.

RISK MANAGEMENT

Risk Management Function

The risk management function assists the Risk Management Committee in discharging its risk management responsibilities. The risk management function comprises Risk Facilitators, who are mainly members of the Group Strategic Management Office. The risk management function facilitates periodic operational risk reviews and, amongst others, is tasked to:

a. Act as the central contact and guide for clarification of Enterprise Risk Management (“ERM”) issues within the Company;
b. Coordinate the risk management activities routinely among the various business units and/or support & administration functions, including monitoring progress of risk mitigation plans, and supervise ERM policy implementation within the Company;
c. Prepare reports to the Risk Management Committee and maintain relevant documentation on the ERM processes; and
d. Establish a common risk management language that includes common measures for likelihood and consequences, and common risk categories, as well as communicate ERM information within the Company to create risk awareness amongst the staff.
