INTRODUCTION The Board is pleased to present the Statement on Risk Management and Internal Control which outlines the Group’s nature of risk management framework and internal control systems during the financial year ended 31 December 2021. This statement is made pursuant to paragraph 15.26(b) of Bursa Securities’ Listing Requirements and guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers issued by the Institute of Internal Auditors Malaysia and taking into consideration the recommendations of the MCCG. This statement does not cover associate companies and joint ventures where risk management and internal control are managed by the respective management teams. RESPONSIBILITY The Board recognises the importance of a sound risk management framework and internal control system to good corporate governance and acknowledges its overall responsibility to ensure that the principal risks of the Group are identified, evaluated and managed with an appropriate system of internal control, and to ensure that the effectiveness, adequacy and integrity of the system are reviewed from time to time to suit the changes in the business environment. The Board has oversight on this critical area through the Audit and Risk Management Committee of the Board (“ARMC”). Through the ARMC, the Board has established an appropriate risk management framework and internal control system to manage the Group’s risks within tolerable ranges rather than to eliminate risks with significant adverse impact on the achievement of the Group’s objectives and strategies. It can therefore only provide reasonable assurance but not absolute assurance against material misstatements, financial losses or fraud. There is an on-going process in place to identify, evaluate and manage the significant risks that may affect the achievement of business objectives throughout the financial year under review and up to the date of approval of this statement by the Board. The process is updated and reviewed from time to time to be responsive to the changes in the business environment. KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM Risk Management Framework Risk management is an integral part of the Group’s management process and the Group focuses on the key risks and the relevant controls to ensure that they are able to respond effectively to the changing business environment. The risk management framework established by the Board is embedded in various operation processes and procedures of the respective operational functions and management team and clearly defines the authority and accountability in implementing the risk management process. The Group’s risk management framework has the following key attributes: • Risk Management Structure The Board continuously reviews the overall management of principal areas of risk with the assistance of ARMC. ARMC is supported by the Risk Management Team (“RMT”) at the operational level. The members of RMT comprise Managing Directors/Executive Directors and various Heads of Departments of the operating subsidiaries. • Key elements of risk management framework: i. Identify new risks and determine whether existing risks remain relevant to the Group’s objectives; The RMT conducts quarterly review of business risks to identify new risks as well as to determine whether previously known risks remain relevant. However, if an abrupt situation which has serious bearings on the Group’s business operating environment arises, RMT will respond immediately to invoke the risk reviewing process. Statement On Risk Management and Internal Control P R G H O L D I N G S B E R H A D A N N U A L R E P O R T 2 0 2 1 52
RkJQdWJsaXNoZXIy NDgzMzc=