AL-SALAM REIT ANNUAL REPORT 2025

pg. 199 Corporate Governance Report Integrated Annual Report 2025

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

Category: Compliance/Governance/Legal

Risk Appetite Statement:
• Ensure full compliance with regulatory, statutory, Shariah, reporting and Bursa Malaysia requirements, while upholding high standards of corporate governance, integrity and ethical conduct across all business activities.

Tolerance Level:
• Near-Zero tolerance for regulatory or Shariah non-compliance, late submissions or inaccurate disclosures;
• Zero tolerance for governance lapses, conflicts of interest or unethical conduct;
• Low tolerance for legal disputes, lease non-performance, unauthorised tenant activities or exposures arising from inadequate oversight.

The REIT’s Risk Appetite underpins the Risk Management Framework and is implemented through policies and internal controls that guide daily decision-making, assessments, escalation and compliance.

The Enterprise Risk Management Framework

The Manager applies a comprehensive ERM Framework to systematically identify, evaluate, and prioritise risks across the organisation. The framework is depicted as below:

[Figure: ENTERPRISE RISK MANAGEMENT FRAMEWORK. Panel titles: ERM PROCESS, ERM INFRASTRUCTURE, ERM INTEGRATION, ERM EDUCATION. Repeated labels: OKRs and New Internal Controls; Continuous Monitoring & Embedment. Further labels: Awareness/Sharing Sessions; Continuous Education; Competency Assessment; Change Management.]

Items listed in the figure:
• Vision/Mission Governance & Compliance Structure
• Board/Management Mandate/LoA
• ERM Reporting Structure & Frequency
• ERM Roles & Responsibilities
• Risk Appetite/Parameters
• Digitalisation & Automation
• Strategic Planning & Financial Management
• Policy, Frameworks & SOP
• Decision Making
• Acquisitions/Investment/Divestment
• Leasing
• Building and Asset Management
• Sustainability Management - Climate & Emerging Risks
• Compliance
• Business Continuity Management/Incident Data Analysis

The ERM Framework combines governance, structured processes and integration with core activities to ensure consistent risk identification, assessment, mitigation and monitoring. Supported by clear roles, risk appetite, digital tools and alignment with strategy, budgeting, acquisitions, ESG and BCM, the framework emphasises continuous monitoring and competency-building to foster a strong risk culture.

The Three Lines of Defence Model
