AL-SALAM REIT ANNUAL REPORT 2018

AL-SALĀM REIT ANNUAL REPORT 2018 95 The business environment is constantly changing and hence needs to continuallymonitor and review its risks and the efectiveness of its management of risk over time. The period of risk review will be determined by the risk rating, with higher rated risks and associated controls/risk mitigation strategies reviewed more often. Risk monitoring and review will:- • ensure risks appropriately relect the reality of the operating environment; • involve the review of risk ratings (likelihood & Impact); • involve a review of the adequacy and efectiveness of existing risk controls / treatment plans and recommend changes to treatment priorities & timeframes; • identify emerging or new risks; and • include consideration of the appropriate “responsible person(s)” for ongoing monitoring and review of risks. Additionally, monitoring and measuring includes evaluation of the risk awareness culture and the risk management framework, and assessment of the extent to which risk management tasks are aligned, suitable, adequate, and efective way of achieving established objectives. This will enable the internal audit function to periodically review the efectivenessof the risk management function in the Manager and providing an independent view on speciic risks and control issues, the state of internal controls, trends and events. When the need arises, the Manager will review the risk management framework and risk management process which involves the review of risk management policy and plans as well as risks, risk categories, risk treatments, controls, residual risks, and risk assessment process. Based on results of monitoring and reviews, decisions should be made on how the risk management program can be improved. These decisions should lead to improvements in the organisation’s management of risk and its risk management culture. Internal Control The following key elements embody the current internal control system adopted by the Manager:- a) The Board has put in place its own management reporting mechanisms which enable the Board to review the performance of the Manager and the Fund. b) The Board approved annual budgets and business plans prepared by each property. c) Investment strategies and criteria which are formulated by the management and agreed by the Executive Committee and/ or recommendation on any acquisition or divestment would be presented to the Board for approval before forwarding to the Trustee for inal approval. d) Comprehensive policies and procedures manual that provide guidelines on, and authority limits over various operations, inancial and human resources matters. e) Regular management meetings involving the review of the operations and inancial performance of each property with Property Managers and the Trustee. f) The Audit Committee with formal terms of reference clearly outlining its functions and duties delegated by the Board. g) The internal audit reviews carried out by the outsourced internal auditor based on the risk-based internal audit plan approved by the Audit Committee. h) A systematic performance appraisal system for all levels of staf. i) The Code of Ethics is to be implemented in 2019 to mitigate Integrity Risks j) The Management has also reviewed its Standard Operating Procedure (“SOP”) for the Manager and the funds, across all departments k) Relevant training provided to staf across all functions to maintain a high level of competency and capability.