ENRA Group Berhad Annual Report 2025

Statement On Risk Management And Internal Control (Cont'd)

RISK MANAGEMENT (CONT'D)

Management of Significant Risks (Cont'd)

3. Project Completion Risk: the Group has businesses locally and is exposed to various risks relating to delays and price changes in procuring materials, project management risks, occupational health and safety risk, political risk, credit risk, foreign exchange risk, sub-contractor's financial management, payment issuance and communication barriers. The Group has taken on a more stringent role in monitoring projects locally, such as appointing key people as project managers, regular monitoring, liaising with legal firms on the terms of contracts, and reporting on project progress to the MPR.

4. Transaction Approval Process: as part of the ITGC review, this process was shown to need a clear workflow and escalation procedures to ensure timely review and authorisation of transaction modifications. Management has embarked on implementing a "Period Close" functionality within the current system. Management has also specified the use of ENRA's official email for all correspondence with external parties and for all official communication across its subsidiaries, and is restricting the use of Gmail.

RISK MANAGEMENT STRUCTURE

The Risk Management process is a collective responsibility which works by engaging every level of the organisation as risk owners of their immediate sphere of risks (as shown in the Risk Management Responsibilities diagram below). The Group aims to approach risk management holistically, both top down and bottom up. This is managed through an oversight structure involving the Board, ARMSC, Internal Audit, ERMC and RMUs.

[Diagram: Risk Management based on ISO 31000]

PRINCIPLES
A. Creates and protects value
B. Integral part of organisational processes
C. Part of decision making
D. Explicitly addresses uncertainty
E. Systematic, structured and timely
F. Based on the best available information
G. Tailored
H. Takes human and cultural factors into account
I. Transparent and inclusive
J. Dynamic, interactive and responsive to change
K. Facilitates continual improvement and enhancement of the organisation

FRAMEWORK
Mandate and commitment
Design of framework for managing risk
Monitoring and review of the framework
Continual improvement of the framework
Implementing risk management

PROCESS
Risk assessment
Establishing the context
Risk identification
Risk analysis
Risk evaluation
Risk treatment
Monitoring and review
Communication and consultation
