AL-SALAM REIT ANNUAL REPORT 2025

SECTION 07

Risk Identification

The Risk Officer leads a structured and systematic process to identify risks across the organisation. This begins with the development and continuous refinement of a comprehensive risk universe covering strategic, business, market, operational, financial, asset management, compliance, ESG, business continuity, integrity and emerging risk categories. Emerging risks are identified using PESTLE factors, ensuring coverage of external drivers such as political, economic, social, technological, environmental and legal developments. Risk identification is conducted in collaboration with departmental risk owners, who provide insights into key exposures within their respective areas. Significant risks arising from operational activities, strategic initiatives or market shifts are captured in the risk registers and updated quarterly.

Risk Assessment

All identified risks are evaluated using a standardised scoring methodology based on likelihood, impact, and the effectiveness of existing controls. Both inherent and residual risk ratings are assigned to provide a clear view of overall exposure. The residual risk rating is used to determine alignment with the Board-approved Risk Appetite and to identify risks that require heightened monitoring or mitigation. Risks that exceed appetite thresholds, or those deemed significant due to their potential impact on the REIT’s strategic, financial or operational performance, are escalated to the ERMC. The ERMC’s recommendations are subsequently tabled for review by BARC and the Board. The assessment process is performed quarterly to ensure responsiveness to evolving risks and external conditions.

Risk Mitigation

For all significant risks, Management develops mitigation strategies aimed at reducing likelihood or impact to acceptable levels. These include control enhancements, process improvements, technology solutions, contractual safeguards, diversification strategies and compliance strengthening measures. Risk owners are accountable for implementing mitigation plans, while the Risk Officer monitors progress and reports milestone updates to the ERMC. The effectiveness of mitigation actions is also assessed periodically to ensure that controls remain relevant and responsive to emerging risks.

Risk Monitoring and Reporting

The REIT maintains ongoing monitoring of key risks through periodic review of indicators, audit findings, compliance reports, operational updates and ESG monitoring activities. High or escalating risks are flagged for discussion at ERMC meetings, where Management deliberates mitigation adequacy and determines any further action required. Quarterly, the consolidated risk profile, including heatmaps, top risks, mitigation status, new risks and emerging trends, is presented to BARC and subsequently to the Board. Significant developments, deviations from appetite, or material control weaknesses are escalated immediately outside the regular cycle, ensuring timely oversight.

Risk Culture and Awareness

The Manager ensures that staff possess the necessary knowledge, skills, and competencies to carry out their responsibilities effectively. This is achieved through targeted training programmes, continuous professional development, performance management, and mentorship initiatives. By equipping employees with the right expertise, the REIT maintains operational excellence while strengthening its risk management and compliance capabilities. A risk awareness and refresher programme was conducted on 11 December 2025 for all 7 Risk Owners at the management and head of department level. A total of 1,541 hours of training were attended by employees in 2025, covering various programmes categorised as Professional and Technical, Governance, Risk, Compliance, and Integrity, Digital/IT, and Self-Development. The average training hours per staff stood at 53 hours.

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL
