MISC Annual Report 2018
The Board is pleased to provide the Company’s Statement on Risk Management and Internal Control which outlines the nature and scope of risk management and internal controls within the MISC Group for the financial year ended 31 December 2018. This statement is made in accordance with Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) which requires the board of directors of public companies to publish a statement about the state of internal control of the listed issuer as a Group. ACCOUNTABLITY OF THE BOARD The Board recognises its principal responsibility of establishing an effective risk management and internal control framework which includes regular review of the adequacy and effectiveness of the framework, as manifested in the Malaysia Code on Corporate Governance 2017. Accordingly, the Board has entrusted the responsibility of risk management and internal control oversight to the MISC Board Audit & Risk Committee (“BARC”). The responsibilities of the BARC are outlined in pages 187 to 189 of this annual report. In discharging its responsibilities, the BARC is supported by the MISC Risk Management Committee (“RMC”) that comprises certain Management Committee members and Heads of Divisions to reflect the prominence and focus by management on the oversight of internal control and risk management of the MISC Group. The Company’s risk management framework is used to identify, evaluate and manage the principal risks of the Group and appropriate internal control systems are also implemented to manage these risks, details of which are set-out in the following pages. The Board, via BARC, periodically reviews the efficiency and effectiveness of the Group’s internal control system to ensure viability and robustness of the system. Group Internal Audit (“GIA”) with its risk-based approach supports the BARC in ensuring the said internal control systems are in place and effective in dealing with risks. In dealing with risks, the Board understands that it is not always possible, cost-effective nor practical to eliminate risk altogether. Accordingly, these internal control systems can only provide reasonable assurance against material misstatement or loss. Thus, the Board adopts a cost-benefit approach to ensure that the expected returns outweigh the cost of risk mitigation. RISK MANAGEMENT FRAMEWORK In 2015, the Board had approved the adoption of the PETRONAS Resiliency Model (“PRM”) which provides an integrated view for managing risk and is also guided by international best practice as per ISO 31000. The PRM focuses on three frameworks namely: i. Enterprise Risk Management (“ERM”) ERM process is an integral part of managing business that provides a guide to systematically identify, assess, treat, monitor and review risks. It aims to improve the ability to reduce the likelihood and impact of identified risks that may affect the achievement of business objectives. ii. Crisis Management (“CM”) Crisis Management defines the structure and processes for managing emergencies including crises at both domestic and international operations. iii.Business Continuity Management (“BCM”) Business continuity practices ensure a structured recovery of business operations and business continuity in the event of a crisis or prolonged business disruption. The MISC Risk Policy states that: “MISC shall adopt and implement risk management best practices by identifying, assessing, treating and monitoring of risks as well as effectively responding to crisis. In the event of prolonged disruption, business continuity practices shall be adopted to restore and ensure continuity of MISC’s key business activities.” The Group has implemented risk management best practices in the form of ERM framework which ensures all business risks are prudently identified, evaluated, treated and managed accordingly to achieve MISC’s strategic objectives. STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL The framework of risk management comprises the following key elements: • Risk Management The Group’s Risk Management Policy guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the ever changing risks facing the Group and specific measures to mitigate these risks. The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from prolonged business disruption to ensure continuity and sustainability of key business activities as well as delivery of business objectives. • Risk Governance Structure The Group’s risk governance structure facilitates the flow of information and effective oversight on the implementation of risk management practices across our businesses. CORPORATE PLANNING DEPARTMENT • Reviews and monitors risk reporting quarterly. Also undertakes secretariat role for RMC BOARD AUDIT AND RISK COMMITTEE (BARC) • Reviews the adequacy and effectiveness of MISC’s Risk Management Framework and on-going activities for identifying, evaluating, monitoring and mitigating risks • Reviews the Group’s level of risk tolerence RISK MANAGEMENT COMMITTEE (RMC) • Provides a reasonable level of assurance to the BARC that the Group’s risks are being managed appropriately BUSINESS UNIT / SUBSIDIARY • Responsible for implementing risk management processes at respective units BOARD OF DIRECTORS • Responsible for the overall oversight of MISC Group’s risk management system and activities Reporting flow Governance and information flow The RMC was established to review and monitor the Group’s risk management practices. It consists of mainly Vice Presidents and Heads of key service units, and is primarily responsible for driving the implementation of the Risk Management Framework and acts as the central platform for the Group to undertake the following responsibilities: • Assist the Management in identifying principal risks at Group level and providing assurance that the ERM is implemented group-wide to protect and safeguard MISC’s interest; • Review and recommend policies and frameworks specifically to address risks inherent in all business operations and environment pertaining to the Group; • Review, deliberate and recommend mitigation actions to ensure that the Group’s risks are being mitigated effectively; and • To provide a reasonable assurance to the BARC that the Group’s risks are being managed appropriately. The Group continues to monitor and ensure effective and robust execution of financial risk management through the implementation of the PETRONAS Corporate Financial Policy (“CFP”). The CFP supports the delivery of a consistent approach in financial and risk management discipline across the Group. The CFP is supplemented with Guidelines in the areas of Liquidity Management, Cash Repatriation, Financing, Investment, Banking, Asset Liability Management, Foreign Exchange Management, Credit, Tax, Inward Financial Guarantee and Documentary Credit, and Integrated Financial Risk Management. The Group has established its Financial Risk Appetite Setting (“FRAS”) in the areas of Foreign Exchange exposure and Financial Institution Credit Counterparty risks, to mitigate the Group’s risks arising from operations in non-functional currencies and financial loss arising from failure of counterparty banks. Liquidity risk was managed through the monitoring of the Financial Risk Report and its Key Risk Indicators (“KRI”). In 2017, the Group FRAS has been extended to cover the Interest Rate risk, Leverage Ratio and Minimum Cash Balance (“MCB”). The Weighted Average Cost of Debt (“WACD”) of the Group for the specific year was set to monitor the effect of interest rate fluctuations towards the overall finance cost of debt of the Company. The Leverage Ratio was set to meet the requirement of the rating agency whilst the MCB was established to ensure the Group can meet its operational requirement at all times. Risk management activities are undertaken at corporate and business units/subsidiaries levels and risk reports are reviewed and monitored by the Corporate Planning Department (“CPD”) on regular intervals prior to escalation to the RMC. Each appointed and dedicated risk focal person has the responsibility for risk management activities in their respective department/unit to ensure consistent implementation of risk management processes across the Group. HIGHLIGHTS OF THE YEAR OUR BUSINESS OUR LEADERSHIP OUR PERFORMANCE OUR COMMITMENT TO SUSTAINABILITY OUR GOVERNANCE FINANCIAL STATEMENTS OTHER INFORMATION 50 TH ANNUAL GENERAL MEETING 195 MISC BERHAD ANNUAL REPORT 2018 194
Made with FlippingBook
RkJQdWJsaXNoZXIy NDgzMzc=