CORPORATE GOVERNANCE
116 Al-`Aqar Healthcare REIT | Annual Report 2024

The processes involved in the ERM are summarised below:

Risk Identification: Finding, recognising, and describing the risks that could affect the achievement of an organisation's objectives. During the risk identification process, it is important to identify the risks associated with not pursuing an opportunity.

Risk Analysis: Risk shall be analysed and assessed to determine the Risk Rating. The risk analysis should start with determining the root causes/sources of risk, assessing the likelihood and impact to produce a Gross Risk Rating (the risk rated before any preventive/recovery measures are implemented).

Risk Evaluation: Risk evaluation involves the exercise of determining the existing key controls on the identified risk, defining the existing Control Effectiveness and the likelihood and impact of producing the Residual Risk Rating. All risk profiles will be rated based on 2 parameters: Likelihood (that the risk will occur) X the impact that it has on the business. Ratings of the risks will be tabulated to produce a heat map.

The Risk Action Plan/Mitigation Plan: The Risk Mitigation Plan identifies the parties responsible and the timeline for the plan implementation.

Monitoring Risk Mitigation Performance: Risk monitoring, review, and reporting shall be performed periodically. The frequency of reporting is summarised as per table below

[Figure: ERM FRAMEWORK. Labels: Communication & Consultation; Scope, Context, Criteria; Risk Treatment; Monitoring & Review; Recording & Reporting; Risk Identification; Risk Analysis; Risk Evaluation]

The diagram below shows the process to be undertaken in preparing a Risk Profile:

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL