PRG Holdings Berhad Annual Report 2018

2018 A N N U A L R E P O R T 48 INTRODUCTION The Board is pleased to present the Statement on Risk Management and Internal Control which outlines the Group’s risk management framework and internal control systems during the financial year under review. This statement is made pursuant to paragraph 15.26(b) of Bursa Securities’ MMLR and in accordance with the MCCG as well as “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. This statement however, does not cover associate companies and joint ventures where risk management and internal control are managed by the respective management teams. RESPONSIBILITY The Board recognises the importance of a sound risk management framework and internal control system to good corporate governance and acknowledges its overall responsibility to ensure that the principal risks of the Group are identified, evaluated and managed with an appropriate system of internal control, and to ensure that the effectiveness, adequacy and integrity of the system are reviewed from time to time to suit the changes in the business environment. The Board has established an appropriate risk management framework and internal control system to manage the Group’s risks within tolerable ranges rather than to eliminate risks with significant adverse impact on the achievement of the Group’s objectives and strategies. It can therefore only provide reasonable assurance but not absolute assurance against material misstatements, financial losses or fraud. There is an on-going process in place to identify, evaluate and manage the significant risks that may affect the achievement of business objectives throughout the financial year under review and up to the date of approval of this statement by the Board. The process is updated and reviewed from time to time to be responsive to the changes in the business environment. KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM Risk Management Framework Risk management is an integral part of the Group’s management process and the Group focuses on the key risks and the relevant controls to ensure that they are able to respond effectively to the changing business environment. The risk management framework established by the Board is embedded in various operation processes and procedures of the respective operational functions and management team and clearly defines the authority and accountability in implementing the risk management process. The Group’s risk management framework has the following key attributes: • Risk Management Structure The Board continuously reviews the overall management of principal areas of risk with the assistance of Risk Management Committee (“RMC”). Following the recommendation of MCCG Practice 9.3, the RMC consists of three (3) members, all of whom are Independent Non-Executive Directors. RMC is supported by the Risk Management Team (“RMT”) at the operational level. The members of RMT comprise Managing Directors/ Executive Directors and various Heads of Departments. • Key elements of risk management framework: i. Identify new risks and determine whether existing risks remain relevant to the Group’s objectives; The RMT conducts quarterly review of business risks to identify new risks as well as to determine whether previously known risks remain relevant. However, if an abrupt situation which has serious bearings on the Group’s business operating environment arises, RMT will respond immediately to invoke the risk reviewing process. ii. Evaluate the risks and develop risk mitigating action plans; and The identified risks, which may fall into the category of strategic risk, operational risk, credit risk, finance/account risk or IT risk, will be evaluated by RMT and thereafter effective controls and risk mitigating action plans will be developed and implemented to address and mitigate the risks identified. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL