MISC Annual Report 2018

RISK MANAGEMENT PROCESS The risk management process in MISC requires management to identify business risks at strategic, operational and tactical levels, and assess these risks in terms of likelihood and magnitude of impact, as well as to identify and evaluate the adequacy of mechanisms in place to manage these risks. The pertinent risks evaluated are financial, operational, regulatory and reputational risks. This process involves assessments at business unit level before being examined on a Group or strategic perspective. In essence, the risk management processes are as follows: - CPD RMC BARC Risk Register • Discussion and deliberation of key and significant risk events breaching thresholds • Provide guidance to management to ensure the Group’s risks are being managed appropriately Shortlist of risk events breaching thresholds Review & Discuss Risk Events Shortlist of key and significant risk events breaching thresholds Review & Discuss In addition, the following summarises the key risk management activities undertaken during the year under review: • Embedding risk management into the annual business plan In sustaining the achievement of business objectives, it is important to manage risks across the Group on an integrated basis with a balanced view of the risks taken against the rewards of business performance. The Business Units (“BU”), Service Units (“SU”) and key Subsidiaries (“Subs”) are required to perform an annual review of their risk profiles with the emphasis in linking risks to MISC’s business objectives. In addition, KRIs were reviewed and identified to monitor the movement of risks throughout the year, thus enabling the management to act and take necessary measures in managing risks to ensure that strategic initiatives are implemented effectively and business objectives are met. For the purpose of risk reporting, the breaches of any risk events are reported to the RMC and BARC on a quarterly basis, complete with the mitigation action plans to mitigate the risks. • Project Evaluation The Group continues to use a risk-based pricing framework that is used to ensure that the returns of any capital investment or project, adequately covers the risks assumed from undertaking such investment or project. Amongst the risk elements considered in the Project Risk Assessment (“PRA”) are counter party credit risk, project tenure, assumed level of debt taken to fund the project and the residual value risk of the asset at the end of the contract period. PRA is a stringent tool adopted by the Group in identifying project’s risks prior to embarking on a new capital intensive project. PRA enables the business to identify and implement appropriate controls to mitigate the risk impact to projects. Ultimately, the objective of PRA is to ensure that project returns commensurate with the level of risk taken. During the year, there were eight (8) PRAs conducted and deliberated at the RMC. In addition, the PRA advocates and ensures a consistent approach to project prioritisation during the overall planning and budget cycle throughout the Group, as well as promoting investment discipline. • Business Continuity Planning Business Continuity Planning (“BCP”) has been implemented in stages to ensure continuity of critical business functions in the event of disruption. During the year under review, BCP simulations were organised for critical units based in Menara Dayabumi to test the resiliency and robustness of the BCP initiative put in place, as well as to familiarise employees with the business continuity plans. The scenario-based simulation was designed to test all roles and responsibilities of the critical business functions, including critical staff who are required to carry out business recovery from the alternate site. The purpose of the BCP simulations is to ensure that employees understand their specific roles and responsibilities as laid out in the plans, as well as establishing familiarity with the alternate site. The outcome of the simulations identifies the improvement measures that need to be taken, and the lessons learnt were employed to enhance and update the plan. This strategy allows MISC to recognise benefits from the investment made, taking advantage of knowledge gained and experience attained through the testing of the business continuity plans. KEY RISK AREAS MISC risk management process enables the evaluation of all relevant risks that may impact the Group. Further to that, key risks covering financials, asset performance, major health, safety, security and environmental incidents, project management and human resource were monitored closely at the Company’s quarterly RMC and BARC meetings. These key risks were selected based on risks that are prevalent and common across the Group, and risks that may have significant and material impact to the Group. The RMC holds quarterly meetings to review the key risks and to ensure mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. These are then deliberated at the BARC on a quarterly basis. Several reviews and periodic testing were conducted during the year under review as follows: - • Group Internal Audit provides regular independent audit on the adequacy of MISC’s risk management system and governance. The recommendations arising from the review are adopted and corrective action plans are taken for continuous improvement. STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL Risk Profiling Risk Monitoring Risk Reporting • Identify risks and existing controls via risks assessment facilitated in a workshop • Established risk rating based on matrix and registered into Risk Registers • Selection of appropriate risk treatment option • Continuous monitoring or risk level using Risk Registers • The performance of key risks is monitored using KRI • Any changes or movement in the KRIs, will provide an early warning • KRIs that breach set thresholds are reviewed by CPD before presentation to RMC for discussion on a quarterly basis • Significant breaches and key risk issues are raised to the BARC for discussion and deliberation HIGHLIGHTS OF THE YEAR OUR BUSINESS OUR LEADERSHIP OUR PERFORMANCE OUR COMMITMENT TO SUSTAINABILITY OUR GOVERNANCE FINANCIAL STATEMENTS OTHER INFORMATION 50 TH ANNUAL GENERAL MEETING 197 MISC BERHAD ANNUAL REPORT 2018 196

RkJQdWJsaXNoZXIy NDgzMzc=