71 CORPORATE GOVERNANCE ENRA GROUP BERHAD ANNUAL REPORT 2023 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Paragraph 15.26(b) of the MMLR of Bursa Securities requires the Board of Directors of a public listed company to include in its annual report a statement about the state of risk management and internal control of the listed issuer as a group. The Bursa Securities’ Statement on Risk Management & Internal Control (Guidelines for Directors of Listed Issuers) provides guidance for compliance with these requirements. The MCCG 2021 issued by the Securities Commission Malaysia requires the Board of Directors to establish a sound risk management framework and internal control system. ENRA’s Board is pleased to provide the following statement that is prepared in accordance with the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers” endorsed by Bursa Securities which outlines the nature and scope of the Risk Management and Internal Control of ENRA during the financial year under review. BOARD RESPONSIBILITY The Board acknowledges the importance of sound internal controls and risk management practices to safeguard various stakeholders’ interest and to address all key risks, which the Board considers relevant and material to ENRA and its subsidiaries operations. The Board affirms its overall responsibility for the Group’s system of internal control and risk management process, which includes the establishment of an appropriate control environment and framework. The Board is also responsible for reviewing the effectiveness, adequacy and integrity of those systems. These systems are designed to manage rather than to eliminate any risk that may impact the Group arising from non-achievement of the Group’s policies, goals and objectives. Such system provides reasonable but not absolute, assurance against material misstatement or loss. The Group has in place an ongoing process for identifying, evaluating, monitoring and managing the operating and financial controls affecting the achievement of its business objectives throughout the financial reporting period. The Internal Audit Department plays a role in this respect. The process is reviewed quarterly by the ARMSC. The Board maintains ultimate responsibility over the Group’s system of internal control and risk management process that it has delegated to the EXCO for implementation. The Internal Audit function is to provide reasonable assurance that the designed controls are in place and are operating as intended. RISK MANAGEMENT The Board reviewed the risk management processes in place within the Group with the assistance of the Executive Risk Management Committee (“ERMC”) and the Internal Audit Department. The ERMC meets on a quarterly basis to deliberate on risks identified, controls and risk mitigation strategies arising from the risk assessment process conducted. The key elements of the Group’s risk management framework are as follows: • The ERMC, which is chaired by the President & Group Chief Executive Officer, and comprises the Executive Directors as members and the Head of Internal Audit as the risk coordinator. The ERMC is entrusted with the terms of reference and the responsibility to identify and communicate to the Board the key risks the Group faces, their changes, and Management’s actions and plans to manage such risks. • The Risk Management policy guide and manual, which outlines the corporate policy and framework on risk management for the Group and offers practical guidance on risk management issues. Pursuant to the said policy, the Risk Management Units (“RMUs”) at the subsidiary/operational level were set up to report quarterly to the ERMC. • The Enterprise Risk Management framework, which is defined as methods and processes used by an organisation to manage risks and seize opportunities related to the achievement of their objectives. The key feature of this framework is a risk governance structure comprising three lines of defence with established and clear functional responsibilities and accountabilities of the management of risk.
RkJQdWJsaXNoZXIy NDgzMzc=