AL-SALAM REIT ANNUAL REPORT 2019

Statement On Risk Management & Internal Control 97 ANNUAL REPORT 2019 AL-SALĀM REIT • THE MANAGER’S RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM The periodic meetings of the Risk Management Committee, Executive Committee and the Board are the main platforms by which the Manager’s performance and conduct are monitored. The day-to-day operations of the business are entrusted to the CEO and the management teams. The CEO continuously communicates the Board’s expectations and directions to the management at the management meetings where all risks relating to strategy, operational and financial are discussed and dealt with action plans. The Board is responsible for setting the business direction and strategies as well as overseeing the conduct of the Manager’s operations through its Board Committees and management reporting mechanisms. Through these mechanisms, the Board is informed of all major issues pertaining to risks, governance, internal controls and compliance with regulatory requirements. RISK MANAGEMENT FRAMEWORK APPROACH: RISK ANALYSIS METHODS AND RISK APPETITE The Manager adopts ERM practices that enable it to continuously identify, assess, treat and manage risks that affect Al-Salām REIT in achieving its objectives within defined risk parameters in a timely and effective manner. All identified risks are recorded in a risk register to facilitate systematic review and monitoring. The ERM practices are embedded into key activities and business processes, enabling proper risk management at the operation level of each property as well as the fund level. Risks identified shall be systematically evaluated with proper mitigating action plans developed to manage the risks to an acceptable level and monitored on a continuous basis. The approach is summarised as below: COMMUNICATE AND CONSULT MONITOR AND REVIEW RISK ASSESSMENT IDENTITY RISKS ANALYSE RISKS EVALUATE RISKS ESTABLISH THE CONTEXT TREAT RISKS xThe period of risk review will be determined by the risk rating, with higher rated risks and associated controls/risk mitigation strategies reviewed more often. Risk monitoring and review will:- - ensure risks appropriately reflect the reality of the DRMSB’s operating environment; ‐ involve a of review of the adequacy and effectiveness of existing risk ratings (likelihood & Impact); - existing risk controls / treatment plans and recommend changes to treatment priorities & timeframes; ‐ include consideration of the appropriate “responsible person(s)” for ongoing monitoring and review of risks. Additionally, monitoring and measuring includes evaluation of the risk awareness culture and the risk management framework, and assessment of the extent to which risk management tasks are aligned, suitable, adequate, and effective way of achieving established objectives.