CORPORATE GOVERNANCE SECTION 4 111 Al-`Aqar Healthcare REIT | Annual Report 2024 Responsibilities • The senior management is primarily responsible for managing process, • They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control • Manage day-to-day risk inherent in business activities as guided by the established risk strategies, frameworks, and policies Process Identification and assessment of risk, implementation, and monitoring of risk action plans. BUSINESS LINE MANAGEMENT/ RISK OWNERS Responsibilities • Oversees the operationalisation of risk management strategies as well as frameworks and policies. • Independent reporting to the management and BARC • Advisor to Business Line Management/ Risk Owners Process Monitors the consistent enforcement of ERM policy, reviews and endorses risk parameters, risk appetite, risk profile, and treatment options and risk action plans. ERMC STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL The Board and the Board Committees also carries out an annual assessment of risk management and internal control on all significant aspects of risks and internal control of the REIT in its Strategic Planning report, particularly on: • The nature and extent of significant risks, in the current and upcoming years; • The company’s ability to respond to changes in its business and the external environment; • The work of its internal audit and risk management (where applicable) units and other assurance providers; • The incidence of significant control failings or weaknesses that were identified at any time and their impact on the company’s performance or condition (financial or otherwise); • Any events that impacted the achievement of objectives that were not anticipated by management; and • The adequacy and effectiveness of the risk management and internal control policies as a whole. RISK MANAGEMENT Board Audit and Risk Committee (BARC) The Board Risk Committee (BARC) is a delegated committee of the Board of Directors tasked with providing oversight and strategic direction on the organisation’s risk management practices. It ensures that key risks are properly identified, managed, and aligned with the organisation’s objectives, risk appetite, and regulatory obligations. The board as a whole, is committed and responsible for the execution of the delegated role of the BARC primarily related to the outcome of the review and disclosure of key risks and internal control. The main responsibility of the BARC are: Oversight of Risk Governance Framework • Approves and reviews the Enterprise Risk Management (ERM) framework. • Ensures risk governance is robust, independent, and embedded into business operations and decision-making. • Monitors the effectiveness of the risk culture and promotes accountability at all levels. 1 Approval of Risk Appetite & Strategy • Reviews and recommends the risk appetite statement (RAS) to the full Board. • Ensures that risk-taking activities are within agreed thresholds and aligned with the organisation’s strategic objectives. 2 Strategic Risk Oversight • Reviews and monitors key strategic, financial, operational, compliance, ESG, and reputational risks. • Advises on emerging risks and macroeconomic or geopolitical trends impacting the business. 3
RkJQdWJsaXNoZXIy NDgzMzc=