MISC- Annual Report 2016

Pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”), the Board is also required to include in the Company’s annual report, a statement about the state of internal control of the listed issuer as a group. Accordingly, the Board is pleased to provide the Company’s Statement on Risk Management and Internal Control for the financial year ended 31 December 2016 which was prepared in accordance with the ‘Statement on Risk Management & Internal Control: Guidelines for Directors of Listed Issuers’, endorsed by Bursa Securities. ACCOUNTABILITY OF THE BOARD The Board recognises its principal responsibility of establishing a sound risk management framework and internal control system, as manifested in Recommendation 6.1 of the Code. Accordingly, the Board has entrusted the responsibility of risk management oversight to the MISC Board Audit Committee (“BAC”). In respect of risk management, the BAC is supported by the MISC Risk Management Committee (“RMC”) that comprises mainly Heads of Divisions. The Company’s risk management framework is used to identify, evaluate and manage the principal risks of the Group and appropriate internal control systems are also implemented to manage these risks, details of which are set-out in the following pages. In addition to the risk management process, the BAC periodically reviews the efficiency and effectiveness of the Group’s internal control system to ensure viability and robustness of the system. Group Internal Audit (“GIA”) with its risk-based approach supports the BAC in ensuring the said internal control systems are in place and effective in dealing with risks. The BAC is also supported by the Management Committee (“MC”) to reflect the prominence and focus by management on the control and risks of the organisation. In dealing with risks, the Board understands that it is not always possible, cost-effective or practical to eliminate risk altogether. Accordingly, these internal control systems can only provide reasonable assurance against material misstatement or loss. Thus, the Board adopts a cost-benefit approach to ensure that the expected returns outweigh the cost of risk mitigation. RISK MANAGEMENT FRAMEWORK Since 2015 the Board has approved the adoption of the PETRONAS Resiliency Model (“PRM”) which provides an integrated view for managing risk. The PRM focuses on three frameworks namely: i. Enterprise Risk Management (“ERM”) ERM process is an integral part of managing business that provides a guide to systematically identify, assess, treat, monitor and review risks. It aims to improve the ability to reduce the likelihood and impact of identified risks that may affect the achievement of business objectives. ii. Crisis Management (“CM”) Crisis Management defines the structure and processes for managing emergencies including crises at both domestic and international operations. iii. Business Continuity Management (“BCM”) Business continuity practices ensure a structured recovery of business operations and business continuity in the event of a crisis or prolonged business disruption. The Malaysian Code on Corporate Governance 2012 (“the Code”) recommends as best practices that the Board establishes a sound risk management framework and internal control system, and disclose in the Company’s Annual Report the main features of the risk management framework and internal control system. MISC BERHAD •  Annual Report 2016 138 Statement on risk management & internal control

RkJQdWJsaXNoZXIy NDgzMzc=