ENRA Group Berhad Annual Report 2018

38 E N R A G R O U P B E R H A D ( 2 3 6 8 0 0 - T ) RISK MANAGEMENT FRAMEWORK (Cont’d) • The RMUs with the oversight by the ERMC provides the second line of defense. Quarterly updates on risk management are given by the heads of the various business units and certain supporting functions to the RMU’s, which in turn reports the ERMC. The ERMC provides directions and has an oversight role in the risk management process. At its scheduled quarterly meetings, the ERMC appraised and assessed the efficiency of the controls and progress of actions plans taken to mitigate and monitor the risk management exposure of the Group. The ERMC also monitored the progress and status of the risk management activities, as well as raised issues of concern for Management’s attention. • The Internal Audit function provides the third line of defense. The function reports directly to the ARMC and provides independent assurance of the adequacy and reliability of risk management processes and system of internal control and ensures compliance with risk related requirements. • Within the framework, there is an established and structured process for the identification, assessment, communication, monitoring as well as continual review of risks and effectiveness of risk mitigation strategies and controls of the business units and supporting functions with regular communication between business units and the RMUs that in turn reports to the ERMC. The current methodology is adopted from the elements of Risk Management ISO 31000 (2008). • The level of risk tolerance is expressed through the use of a risk impact and likelihood matrix with an established risks parameter boundary set by the ERMC and approved by the Board of Directors. The parameters set those risks that are deemed to exceed or close to exceeding risk tolerance and those which have not. There is established risk treatment guidance on the action to be taken for the relevant risks. • The group’s activities are exposed to a variety of risks, including operating, financial, strategic management, human resource, information technology, procurement, political, sales and marketing and safety, health and environment risks. The Group has relevant policies and guidelines on risk reporting and disclosure that cover those risks. Management of Significant Risks • The management of the significant risks identified for the financial year ended 31 March 2018 are as follows: 1. Strategic Management Risks in managing principals and customers. Currently the sales team’s plan is to continue to increase knowledge and competency to add value to our services that will ensure dependency from both customer and principal. We focus on education, diversification, and transfer of knowledge to maintain and enhance the relationship in this ever challenging and changing environment. 2. Environmental Risk exist as we are operating within both the oil & gas and property development industries/segments which are exposed to compliance risk of the laws and regulations including those relating to health, safety, environment and compliance with the various certifications required for the industries. We currently have various preventive maintenance programs, training and development, and processes for risk assessment and monitoring and control based on ISO9001 quality objectives. There is an approved plan to build our own chemical refilling and storage facility with proper safety and environmental control system. 3. Project Completion Risk, as the Group has businesses both locally and overseas and is exposed to various risks’ relating to delay in procuring materials, project management and control issues, payment issues and lacking in communication. The Group has embarked on a more stringent role in terms of monitoring projects both locally and overseas such as appointing key people as project managers and regular monitoring and reporting on progress reports. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL cont’d