STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL Risk Profiling Risk Monitoring Risk Reporting • Identify risks and existing controls via risk assessment facilitated in a workshop. • Establish risk rating based on risk matrix and registered into Risk Registers. • Selection of appropriate risk treatment option. • Continuous monitoring of risk level using the Risk Registers. • The performance of key risks is mon i t o red us i ng Key R i sk Indicators (KRIs). • Any changes or movement in the KRIs, will provide an early warning. • Presentation of Risk Register to RMC and BAC on a quarterly basis. • MISC have developed the MISC Common Risk Dashboard, a risk reporting tool to better represent the overall risk health for MISC. RISK MANAGEMENT PROCESS The risk management process in MISC requires management to identify business risks at strategic, operational and tactical levels, and assess these risks in terms of likelihood and magnitude of impact, as well as to identify and evaluate the adequacy of mechanisms in place to manage these risks. This process involves assessments at business unit level before being examined on a Group or strategic perspective. In essence, the risk management processes are as follows:- In addition, the following summarises the key risk management activities undertaken during the year under review: • Embedding risk management into strategy planning The Board acknowledges the significance of managing key risk events to sustain the achievement of business objectives. In ensuring efficient and effective integration between risk management and business performance, risk profiles for Business Units (“BU”), key Service Units (“SU”) and key Subsidiaries (“Subs”) are subjected to an annual review with the emphasis in linking risks to MISC’s business objectives. In addition, Key Risk Indicators (KRIs) were reviewed and identified to monitor the movement of risks throughout the year, thus enabling the management to act and take necessary measures in managing risks to ensure business objectives are met. Essentially, to ensure management and Board are well informed of the risks affecting the business, the enterprise level risk are monitored using MISC Common Risk Dashboard, a tool which comprises of several Common Risks that are prevalent and deemed significant across the MISC Group. The common risks are derived from the business and service unit risk register and may have direct or indirect impact on the Company. For the purpose of risk reporting, the MISC Common Risk Dashboard will be updated and reported to the RMC and BAC on a quarterly basis, complete with the mitigation action plans to mitigate the risks. • Project Risk Assessment Project Risk Assessment (“PRA”) is conducted for capital intensive projects with the objectives to ensure that the controls are in place and the project returns commensurate with the level of risk taken. REDISCOVER I REBUILD I SUSTAIN 114
RkJQdWJsaXNoZXIy NDgzMzc=