ENRA Group Berhad | Annual Report 2022 66 RISK MANAGEMENT STRUCTURE The Risk Management process is a collective responsibility which works by engaging every level of the organisation as risk owners of their immediate sphere of risks (as shown in the Risk Management Responsibilities diagram below). The Group aims to approach risk management from a top down and bottom up approach (holistically). This is managed through an oversight structure involving the Board, ARMC, Internal Audit, ERMC and RMUs. RISK MANAGEMENT STRUCTURE BOARD OF DIRECTORS AUDIT & RISK MANAGEMENT COMMITTEE EXECUTIVE RISK MANAGEMENT COMMITTEE DAY-TO-DAY RISK MANAGEMENT (1st Line of Defence) Risk Oversight (2nd Line of Defence) Internal Audit (3rd Line of Defence) RMU RMU RMU RMU RISK MANAGEMENT RESPONSIBILITIES STAKEHOLDERS BOARD MANAGEMENT EMPLOYEES • Risk management - Policy - Philosophy • Establish structured risk management system • Ensure accountability • Risk aware culture • Risk profile • Issues to emerge • Current risk profile • Action plans INTERNAL AUDIT FUNCTION At present, there is an in-house Internal Audit function. The Internal Audit function operates within the framework of the International Professional Practices Framework by the Institute of Internal Auditors as stated in its Internal Audit Charter, which is approved by the ARMC. The Internal Audit function provides the ARMC with independent opinions of processes, risk exposure and systems of internal control using the “Committee of Sponsoring Organization of the Treadway Commission’s Internal Control – Integrated Framework” as a guide. The Internal Audit function assesses the Group’s Internal Control system according to the following five interrelated control elements: • Control Environment • Risk Assessment • Control Activity • Information & Communication • Monitoring STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
RkJQdWJsaXNoZXIy NDgzMzc=