MISC Annual Report 2019

Risk Management Process The risk management process in MISC requires management to identify business risks at the strategic, operational and tactical levels, and assess these risks in terms of likelihood and magnitude of impact, as well as to identify and evaluate the adequacy of mechanisms in place to manage these risks. The pertinent risks evaluated are financial, operational, regulatory and reputational risks. This process involves assessments at business unit/ subsidiary levels before being examined on a Group or strategic perspective. In essence, the risk management processes are as follows: Risk management activities are undertaken at corporate and business unit/subsidiary levels and risk reports are reviewed and monitored by Corporate Planning (CP) at regular intervals prior to escalation to the RMC. Each appointed and dedicated risk focal person has the responsibility for risk management activities in their respective department to ensure consistent implementation of risk management processes across the Group. The RMC was established to review and monitor the Group’s risk management practices. It is primarily responsible for driving the implementation of the risk management framework and acts as the central platform for the Group to undertake the following responsibilities: • Assist the Management in identifying principal risks at Group level and providing assurance that the ERM is implemented group-wide to protect and safeguard MISC’s interest; • Review and recommend policies and frameworks specifically to address risks inherent in all business operations and environment pertaining to the Group; • Review, deliberate and recommend mitigation actions to ensure that the Group’s risks are being mitigated effectively; and • Provide a reasonable assurance to the BARC that the Group’s risks are being managed appropriately. Statement on Risk Management & Internal Control The Group continues to monitor and ensure effective and robust execution of financial risk management through the implementation of the PETRONAS Corporate Financial Policy (CFP). The CFP supports the delivery of a consistent approach in financial and risk management discipline across the Group. The CFP is supplemented with Guidelines in the areas of liquidity management, cash repatriation, financing, investment, banking, asset liability management, foreign exchange management, credit, tax, inward financial guarantee and documentary credit, and integrated financial risk management. The Group has established Financial Risk Appetite Setting (FRAs), which sets out the following Key Risk Indicators (KRI) as a means of monitoring and mitigating against adverse trends of relevant financial risks: • Foreign exchange and financial institution credit counterparty risk appetite, to mitigate risks arising from operations in non- functional currencies and financial losses arising from failure of counterparty financial institutions. • Interest rate risk appetite limit, whereby the Weighted Average Cost of Debt of the Group for the specific year is set to monitor the overall finance cost of debt of the Group. • Leverage ratio, to ensure the Group maintains an optimum debt level. • Minimum cash balance level, to ensure that the Group can meet its immediate operational, committed capex and debt obligation requirements. Discussion and deliberation of key and significant risk events breaching thresholds as well as the proposed mitigations Provide guidance to management to ensure the Group’s risks are being managed appropriately Continous monitoring of risk level using the Risk Registers The performance of key risks is monitored using KRI Any change or movement in the KRIs, will provide an early warning KRIs that breach set thresholds are reviewed by CP before presentation to RMC for discussion on a quaterly basis Significant breaches and key risk issues are raised to the BARC for discussion and deliberation Mitigation to eliminate/minimise risk exposure are delibearted at RMC and BARC Identifying risks and existing controls via risk assessment Establish risk rating based on matrix and record into Risk Registers Select approriate risk treatment option Risk Profiling Risk Monitoring Risk Reporting CP RMC BARC Risk Register Risk Register Review Discuss Review Discuss Shortlist of risk events breaching thresholds Shortlist of key and significant risk events breaching thresholds 223 222 OUR GOVERNANCE MISC BERHAD PEOPLE. PASSION. POSSIBILITIES ANNUAL REPORT 2019