6 GOVERNANCE 245 TRANSFER ACCEPT REDUCE AVOID Transfer to or share the risk with a third-party or collaborate externally Accept and retain the risk, take no action to reduce the severity of the risk Take appropriate action to reduce the likelihood and/or impact of the risk Refuse to accept the risk, not to start or stop engaging with activity that gives rise to the risk Risk Management Approach The Group’s risk management approach adopts a process which entails a consistent and systematic approach in the identification, assessment, monitoring and reporting of risk exposures. The risk management process is applied throughout the whole of the Group (enterprise level) or to any part of a business (i.e., divisions, departments, functions, business units and projects). The risk management approach comprises sequential steps of activities that are interrelated and iterative as follows: a. Set/clarify business objectives Set and understand the objectives for the Group and/or its business. b. Establish the context Define the context and boundaries within which the Group and/or the business operates. c. Risk Identification Identify risks together with their respective causes and consequences which could affect / impact the achievement of the Group and/ or business objectives. d. Risk Assessment Identified risks are prioritised to determine the overall effect on the Group and/or business by evaluating the potential impact on business objectives should a risk materialise together with the likelihood of its occurrence. The Group adopts the following risk rating matrix to articulate the relationship between risk impact and likelihood: Risk Rating Likelihood Risk Impact Insignificant Minor Moderate Major Catastrophic Almost Certain Medium Significant Significant High High Likely Low Medium Significant High High Possibly Low Medium Medium Significant Significant Unlikely Low Low Medium Medium Significant Rare Low Low Low Low Medium e. Risk Response Risk treatment involves the development and evaluation of appropriate response options to mitigate identified risks. Risk Owners are responsible for determining and implementing transparent and cost-effective risk responses, including risk transfer, acceptance, reduction and avoidance.
RkJQdWJsaXNoZXIy NDgzMzc=