73 CORPORATE GOVERNANCE ENRA GROUP BERHAD ANNUAL REPORT 2023 RISK MANAGEMENT (CONT’D) Management of Significant Risks (Cont’d) RISK MANAGEMENT STRUCTURE The Risk Management process is a collective responsibility which works by engaging every level of the organisation as risk owners of their immediate sphere of risks (as shown in the Risk Management Responsibilities diagram below). The Group aims to approach risk management from a top down and bottom up approach (holistically). This is managed through an oversight structure involving the Board, ARMSC, Internal Audit, ERMC and RMUs. PRINCIPLES FRAMEWORK PROCESS A. Creates and protects value B. Intergral part of organizational processes C. Part of decision making D. Explicity addresses uncertainty E. Systematic, structured and timely F. Based on the best available information G. Tailored H. Take human and cultural factors into account I. Transparent and inclusive J. Dynamic, interactive and responsive to change K. Facilitates continual improvement and enchancement of the organisation Mandate and commitment Design of framework for managing risk Monitoring and review of the framework Continual improvement of the framework Implementing risk management Risk assessment Establishing the context Risk identi cation Risk analysis Risk ovaluation Risk treatment Monitoring and review Communication and consultation Risk Management based on ISO 31000 Risk Management Structure Risk Management Responsibilities BOARD OF DIRECTORS STAKEHOLDERS BOARD MANAGEMENT EMPLOYEES AUDIT, RISK MANAGEMENT AND SUSTAINABILITY COMMITTEE EXECUTIVE RISK MANAGEMENT COMMITTEE RMU RMU RMU RMU Risk Oversight (2nd Line of Defence) Internal Audit (3rd Line of Defense DAY-TO-DAY RISK MANAGEMENT (1st Line of Defense) • Risk management - policy - Philosopy • Establish structured risk management system • Ensure accountability • Risk aware culture • Risk pro le • Issues to emerge • Current risk pro le • Action plans Statement On Risk Management And Internal Control (Cont’d)
RkJQdWJsaXNoZXIy NDgzMzc=