72 CORPORATE GOVERNANCE ENRA GROUP BERHAD ANNUAL REPORT 2023 Statement On Risk Management And Internal Control (Cont’d) RISK MANAGEMENT (CONT’D) The process owners and heads of various business units and supporting functions are the first level of defence and are accountable for all risks assumed under their respective areas of responsibility in line with the Risk Management policy and guidelines. The RMUs with the oversight by the ERMC provides the second line of defence. Quarterly updates on risk management are given by the heads of the various business units and certain supporting functions to the RMUs, which in turn reports the ERMC. The ERMC provides direction and has an oversight role in the risk management process. At its scheduled quarterly meetings, the ERMC appraises and assesses the efficiency of the controls and progress of actions plans taken to mitigate and monitor the risk management exposure of the Group. The ERMC also monitors the progress and status of the risk management activities, as well as raises issues of concern for Management’s attention. The Internal Audit function provides the third line of defence. The function reports directly to the ARMSC and provides independent assurance of the adequacy and reliability of risk management processes and system of internal control and ensures compliance with risk related requirements. • Within the framework, there is an established and structured process for the identification, assessment, communication, monitoring as well as continual review of risks and effectiveness of risk mitigation strategies and controls of the business units and supporting functions with regular communication between business units and the RMUs that in turn reports to the ERMC. The current methodology is adopted from the elements of Risk Management ISO 31000. The level of risk tolerance is expressed through the use of a risk impact and likelihood matrix with an established risk parameter boundary set by the ERMC and approved by the Board. The parameters define risks that are deemed to exceed or are close to exceeding the risk tolerance, and those which are not. There is an established risk treatment guidance on the action to be taken for the relevant risks. • The Group’s activities are exposed to a variety of risks, including operating, financial, strategic management, human resource, information technology, procurement, political, sales and marketing and safety, health and environmental risk. The Group has relevant policies and guidelines on risk reporting and disclosure that cover those risks. Management of Significant Risks The management of significant risks identified for the financial year ended 31 March 2023 are as follows: 1. Strategic Management Risk in managing the expansion of business portfolio. Expanding the business database through diversification, expansion, education & transfer of knowledge in this ever challenging & changing environment. The Group managed this risk through managing customer and main contractor expectations for Q Homes, EES & ENRA SPM for the GPM project. 2. Environmental Risk exist as we operate within both the oil & gas and property development industries/ segments which are exposed to compliance risk of laws and regulations including those relating to health, safety, environment and compliance with the various certifications required for those industries. We currently have various preventive maintenance programs through) daily & weekly monitoring for ENRA SPM, periodic reviews of compliance with the applicable rules, regulations and standards with the regulators for the other projects, training and development, and processes for risk assessment and monitoring and control based on ISO 9001 quality objectives. 3. Project Completion Risk, as the Group has businesses both locally and overseas and is exposed to various risks relating to delay and price changing in procuring materials, project management risks, occupational health and safety risk, political risk, credit risk, foreign exchange risk, sub-contractor’s financial management, payment issuance and communication barriers. The Group has embarked on a more stringent role in terms of monitoring projects both locally and overseas such as appointing key people as project managers and regular monitoring, liaising with Legal firms on the terms of contracts and reporting on project progress to the GMC/ MPR.
RkJQdWJsaXNoZXIy NDgzMzc=