Risk Management Approach The Group’s risk management approach adopts a process which entails a consistent and systematic approach in the identification, assessment, monitoring and reporting of risk exposures. The risk management process is applied throughout the whole of the Group (enterprise level) or to any part of a business (i.e., divisions, departments, functions, business units and projects). The risk management approach comprises sequential steps of activities that are interrelated and iterative as follows: a. Set/clarify business objectives Set and understand the objectives for the Group and/or its business. e. Risk Response Risk treatment involves developing a range of responses and options for mitigating the risks. The Group adopts the 4Ts (Take, Treat, Transfer & Terminate) strategy in responding to the identified risks and qualifies these risks according to the acceptable levels by the relevant risk owners and stakeholders. b. Establish the context Define the context and boundaries within which the Group and/or the business operates. c. Risk Identification Identify risks together with their respective causes and consequences which could affect/impact the achievement of the Group and/or business objectives. d. Risk Assessment Identified risks are prioritised to determine the overall effect on the Group and/or business by evaluating the potential impact on business objectives should a risk materialise together with the likelihood of its occurrence. The Group adopts the following risk rating matrix to articulate the relationship between risk impact and likelihood: TAKE TRANSFER TREAT TERMINATE Intentionally taking risk due to inherent/ unavoidable risk or to pursue/sustain higher returns, with informed approval by appropriate level Transfer the risk by moving the risk to third party but accountability still resides with Risk Owners Mitigation plans established to reduce the likelihood & impact Avoidance by not to proceed or continue with a particular activity or seeking alternative means to achieve objective Risk Rating Likelihood Risk Impact Insignificant Minor Moderate Major Catastrophic Certain Medium Significant Significant High High Likely Medium Medium Significant Significant High Possible Low Medium Medium Significant High Unlikely Low Medium Medium Significant Significant Remote Low Low Medium Medium Significant f. Monitor, review and report risks Risk events and trends to be continually reviewed, assessed and monitored. Similarly, risk responses and mitigation plans are monitored continuously to ensure their relevance and effectiveness and are operating as designed and expected. g. Communication Communication is required for an effective risk management programme. The evolving business conditions continuously alters the risk profile of the Group and/or business, hence, frequent and explicit engagement and discussions about risk is vital to maintain continuous awareness and effective management of key risks. 247 GOVERNANCE
RkJQdWJsaXNoZXIy NDgzMzc=