AL-SALAM REIT ANNUAL REPORT 2024

RISK MANAGEMENT (CONT’D)

Enterprise Risk Management (ERM) Framework (Cont’d)

The processes involved in the ERM are summarised below:

Risk Identification: Finding, recognising, and describing the risks that could affect the achievement of an organisation’s objectives. During the risk identification process, it is important to identify the risks associated with not pursuing an opportunity.

Risk Analysis: Risk shall be analysed and assessed to determine the Risk Rating. The risk analysis should start with determining the root causes/sources of risk, then assessing the likelihood and impact to produce a Gross Risk Rating (the risk rated before any preventive/recovery measures are implemented).

Risk Evaluation: Risk evaluation involves determining the existing key controls on the identified risk, defining the existing Control Effectiveness, and assessing the likelihood and impact to produce the Residual Risk Rating. All risk profiles will be rated based on 2 parameters: Likelihood (that the risk will occur) x the impact that it has on the business. Ratings of the risks will be tabulated to produce a heat map.

The Risk Action Plan/Mitigation Plan: The risk Mitigation Plan identifies the parties responsible and the timeline for the plan implementation.

Monitoring Risk Mitigation Performance: Risk monitoring, review, and reporting shall be performed periodically.
The frequency of reporting is summarised in the table below.

Risk Reporting Frequency

Reporting Party: BARC
Reporting To: BOD
Frequency of Reporting: Quarterly
Reports to Be Submitted:
• “Very High” Risk Profile
• Status of Mitigation Plan
• Project Risk
• Special Risk Report on need basis

Reporting Party: ERMC
Reporting To: CEO, BARC
Frequency of Reporting: Quarterly
Reports to Be Submitted:
• Updated risk profile and Risk Registers
• Risk action plan and Status Updates
• Special Risk Reports (when required)

Reporting Party: Risk Owners
Reporting To: ERMC
Frequency of Reporting: Monthly
Reports to Be Submitted:
• Updated risk profile and Risk Registers
• Risk action plan and Status Updates (when required)
• Special Risk Reports (when required)

Reporting Party: Co-Owners
Reporting To: Risk Owners
Frequency of Reporting: Monthly
Reports to Be Submitted:
• Updated risk profile and Risk Registers
• Risk action plan and Status Updates (when required)
• Special Risk Reports (when required)

The ERM process evaluation is undertaken by the ERMC every quarter to assess and evaluate risks that may impede the Group from achieving its strategic and operational objectives, as well as to develop action plans to mitigate such risks and to monitor Mitigation Performance.

To ensure consistency in the methods used in managing risks throughout the organisation, at both the strategic and operational levels, risk appetites were pre-determined to ascertain that the risk management efforts are aligned with the REIT’s business objectives.

Statement on Risk Management and Internal Control
