MISC Annual Report 2017
MISC BERHAD | Annual Report 2017 144 RISK MANAGEMENT PROCESS The risk management process in MISC requires management to identify business risks at strategic, operational and tactical levels, and assess these risks in terms of likelihood and magnitude of impact, as well as to identify and evaluate the adequacy of mechanisms in place to manage these risks. The pertinent risks evaluated are financial, operational, regulatory and reputational risks. This process involves assessments at business unit level before being examined on a Group or strategic perspective. In essence, the risk management processes are as follows :- In addition, the following summarises the key risk management activities undertaken during the year under review : • Embedding risk management into the annual business plan In sustaining the achievement of business objectives, it is important to manage risks across the Group on an integrated basis with a balanced view of the risks taken against the rewards of business performance. The Business Units (BU), Service Units (SU) and key Subsidiaries (Subs) are required to perform an annual review of their risk profiles with the emphasis in linking risks to MISC’s business objectives. In addition, KRIs were reviewed and identified to monitor the movement of risks throughout the year, thus enabling the management to act and take necessary measures in managing risks to ensure that strategic initiatives are implemented effectively and business objectives are met. For the purpose of risk reporting, the MISC Common Risk Dashboard will be updated and reported to the RMC and BARC on a quarterly basis, complete with the mitigation action plans to mitigate the risks. • Project Evaluation The Group continues to use a risk-based pricing framework that is used to ensure that the returns of any capital investment or project, adequately covers the risks assumed from undertaking such investment or project. Amongst the risk elements considered in the Project Risk Assessment (PRA) are counter party credit risk, project tenure, assumed level of debt taken to fund the project and the residual value risk of the asset at the end of the contract period. PRA is a stringent tool adopted by the Group in identifying a project’s risks prior to embarking on a new capital intensive project. PRA enables the business to identify and implement appropriate controls to mitigate the risk impact to projects. Ultimately, the objective of PRA is ensuring that project returns commensurate with the level of risk taken. During the year, there were nine (9) PRAs and one (1) Project Independent Review (PIR) conducted and deliberated at the RMC. In addition, the PRA advocates and ensures a consistent approach to project prioritisation during the overall planning and budget cycle throughout the Group, as well as promoting investment discipline. • Identify risks and existing controls via risk assessment facilitated in a workshop. • Established risk rating based on matrix and registered into Risk Registers. • Selection of appropriate risk treatment option. • Continous monitoring of risk level using the Risk Registers. • The performance of key risks is monitored using KRI. • Any changes or movement in the KRIs, will provide an early warning. • Presentation of Risk Register to RMC and BARC on a quarterly basis. • MISC has developed the MISC Common Risk Dashboard, a risk reporting tool to better represent the overall risk health for MISC. RISKPROFILING RISK MONITORING RISK REPORTING STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL
Made with FlippingBook
RkJQdWJsaXNoZXIy NDgzMzc=