GHL System Berhad Annual Report 2021

GHL SYSTEMS BERHAD 199401007361 (293040-D) ANNUAL REPORT 2021

GROUP RISK MANAGEMENT SYSTEM (Cont’d)

1. Risk Management Committee (“RMC”) (Cont’d)

The salient features of the RMC process are as follows:

• Country Heads, CEOs of Subsidiaries, and Heads of Department are tasked to update their respective risk profiles on a half yearly basis and confirm to the Risk Department that reviews have been conducted and risks related to their areas have been assessed; the updates also include action plans which are to be implemented in order to manage the risks that have been identified
• The risks that have been identified are consolidated and tabled to the RMC for its deliberation and monitoring
• Head of Internal Audit attends the RMC meetings as secretary of the committee and provides an independent assessment of the adequacy and reliability of the risk management processes and compliance with risk policies
• The RMC shall meet at least twice a year to review significant risks and the progress on the implementation of the mitigating actions
• A copy of the RMC meeting minutes is submitted to the ARC for review and deliberation
• Half yearly, the RMC members, i.e. Group CEO, Group CFO and Group CRO, are invited to the ARC meeting to brief the ARC on any existing risks and/or new risks faced by the Group with the corresponding mitigation plans.

2. Risk Identification, Evaluation and Ranking

The Country Heads, Heads of Department and the Management of each Business Unit, in establishing their business objectives, are required to identify and document all possible risks that can affect their business and the Group, taking into consideration the effectiveness of controls that are capable of mitigating such risks. The risk identification process shall also take into consideration the following:

• Risks specific to the achievement of business objectives
• Risks that have a potential impact on the success and continuity of the business.

Thereafter, identified risks are evaluated as follows:

o Probability or likelihood of occurrence
o Significance of the risk
o Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring, and controlling risks

3. Risk Reporting and Monitoring

Each Business Unit’s risks together with the controls and processes used to manage such risks are identified and tabulated in a risk assessment report. Significant risks of Business Units and Projects are presented to the RMC for their deliberation. Risk monitoring is an ongoing process in which the RMC monitors the Group’s business risks as part of their annual assessment for proper disclosure in the Annual Report.

4. Merchant Risk

The Group Risk Department monitors the merchants’ performance risks in its Transaction Payment Acquisition (“TPA”) businesses in Malaysia, Thailand, and Philippines. The Group Risk Department performs this function by firstly determining the risk acceptance criteria; followed by measuring, classifying, and monitoring merchant activities at a transactional level using predetermined risk rules; and finally instituting remedial and exit procedures for errant merchants. This approach is documented in the Group’s Credit Policy manual and is also heavily automated in the Group’s M-Cube Risk Management system.

During the year, the Group Risk Department exited certain high risk merchants as a result of its review of transaction exceptions, evidencing the veracity of the M-Cube Risk Management system in detecting high risk merchant behaviour. Management has continuously kept abreast of these reviews and findings via the monthly Business Reviews. The Group Risk Department also continues to fine tune its policies and procedures to stay in line with changes in the marketplace and business objectives and plans.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL CONT’D
