CORPORATE GOVERNANCE 118 Al-`Aqar Healthcare REIT | Annual Report 2024 1st Level of Defence: Business Line Management • The Senior Management, who are also Head of Departments and members of the ERMC forms the 1st line of defence, primarily responsible for managing processes. • They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control 2nd Level of Defence: Risk Management • Responsible for setting ERM Frameworks • Independent reporting to management and BARC 3rd Level of Defence: Internal Audit • Assurance about design and effectiveness • Reporting to Management and BARC • Advisory role to improve process BOARD BOARD COMMITTEE First Line of Defence Senior Management Second Line of Defence Risk Management, Compliance & Integrity Functions Third Line of Defence Internal Audit Three Lines of Defense Control ASSURANCE Own, manage and control risk by implementation of neccessary internal control Coordinate, facilitate and oversee the effectiveness of the risk management and internal control activities Provide independent assurance on the effectiveness of the risk management and internal control activities INTERNAL CONTROL SYSTEMS For ERM to be effective, it must be embedded throughout an organisation, since risk influences and aligns strategy and performance at all levels. The Board and Management are committed to maintaining an effective internal control environment by continuously enhancing the design of internal control systems to ensure that they are relevant and effective to promote operational agility while ensuring corporate governance and compliance with regulatory guidelines. The internal control policy is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations The Managers’ practice of strong internal control is guided by the model of “Three Lines of Defence” as shown below: STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
RkJQdWJsaXNoZXIy NDgzMzc=