PRG Holdings Berhad Annual Report 2017

• Annual Report 2017 49 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL INTRODUCTION The Board is pleased to present the Statement on Risk Management and Internal Control which outlines the Group’s risk management framework and internal control systems during the financial year under review. This statement is made in pursuant to paragraph 15.26(b) of the MMLR of Bursa Securities and in accordance with the Malaysian Code on Corporate Governance as well as “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. This statement however, does not cover associate companies and joint ventures where risk management and internal control are managed by the respective management teams. RESPONSIBILITY The Board recognises the importance of a sound risk management framework and internal control system to good corporate governance and acknowledges its overall responsibility to ensure that the principal risks of the Group are identified, evaluated and managed with an appropriate system of internal control, and to ensure that the effectiveness, adequacy and integrity of the system are reviewed from time to time to suit the changes in the business environment. The Board has established an appropriate risk management framework and internal control system to manage the Group’s risks within tolerable ranges rather than to eliminate risks with significant adverse impact on the achievement of the Group’s objectives and strategies. It can therefore only provide reasonable assurance but not absolute assurance against material misstatements, financial losses or fraud. There is an on-going process in place to identify, evaluate and manage the significant risks that may affect the achievement of business objectives throughout the financial year under review and up to the date of approval of this statement by the Board. The process is updated and reviewed from time to time to be responsive to the changes in the business environment. KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM Risk Management Framework Risk management is an integral part of the Group’s management process and the Group focuses on the key risks and the relevant controls to ensure that they are able to respond effectively to the changing business environment. The risk management framework established by the Board is embedded in various operation processes and procedures of the respective operational functions and management team and clearly defines the authority and accountability in implementing the risk management process. The Group’s risk management framework has the following key attributes: • Risk Management Structure The Board continuously reviews the overall management of principal areas of risk with the assistance of Risk Management Committee (“RMC”). The RMC is headed by an Independent Non-Executive Director and comprises the Managing Directors and/or Executive Directors, Chief Executive Officer and Chief Financial Officer. RMC is supported by the Risk Management Team (“RMT”) at the operational level. The members of RMT comprise Managing Directors and various Heads of Departments. • Key elements of risk management framework: i. Identify new risks and determine whether existing risks remain relevant to the Group’s objectives; The RMT conducts quarterly review of business risks to identify new risks as well as to determine whether previously known risks remain relevant. However, if an abrupt situation which has serious bearings on the Group’s business operating environment arises, RMT will respond immediately to invoke the risk reviewing process.