and managed based on defined risk rating criteria of likelihood and impact. This approach allows us to compare sustainability issues with other business risks and prioritise resources to manage risks. Furthermore, the Group acknowledges that climate change increasingly poses significant financial risk to our business. This includes the risks and opportunities presented by rising temperatures, climate-related policy, and emerging technologies in our changing world. We are aligning with the Task Force on Climate-Related Financial Disclosures (TCFD) recommendations on climaterelated financial disclosures by 2025 to enable us to effectively evaluate climate-related risks, make betterinformed decisions on capital allocation and improve our short-, medium- and long-term strategic planning capabilities Since enhancing our sustainability framework and anchoring it to the expectations of our four key stakeholders – Patient, People, Public and Planet – in 2022, in 2023 we have focused on monitoring and tracking progress against our sustainability goals via quarterly updates to the Sustainability Committee, RMC and the Board. Ensuring the implementation of sustainability initiatives across our operations to meet our goals are the Sustainability Committee’s responsibility. For more information on our sustainability initiatives, refer to our standalone Sustainability Report. The Group has in place a Risk Management Framework aligned to Standard ISO 31000:2018 Risk Management – Guidelines and adopting good practices from the Committee of Sponsoring Organisations of the Treadway Commission’s (COSO) Enterprise Risk Management (ERM) Framework. The framework encompasses practices relating to the identification, assessment and measurement, response, and action, as well as monitoring and reporting of the strategic and operational control risks pertinent to achieving our key business objectives. This framework is continuously enhanced to remain relevant and resilient in ensuring effective management of risk. In the formulation of our IHH Business Resilience Policy, we incorporated pertinent resilience standards, such as ISO 22301:2019 for Business Continuity Management Systems and ISO 22361:2022 for Crisis Management. Our framework and policies are reviewed periodically to ensure the effectiveness, adequacy and integrity of the Group’s risk management and internal control systems. Evaluate-Response-Monitor (E-R-M) Process For the year ended 31 December 2023, the major risk management activities undertaken during the year were as follows: 1. Continuing our ERM transformation to increase risk management maturity to better manage dynamic business environment and emerging challenges; 2. Conducted annual risk reviews through workshops and/or questionnaires in line with the business planning cycle; 3. Assessed emerging risks and developed risk action plans with internal stakeholders; 4. Enhanced Group Key Risk Indicators (KRIs) to serve as an early warning system for the Group, facilitating improved data analysis for more effective risk management; 5. Reviewed and updated risk universe in the areas of IT and Clinical Quality and Patient Safety to reflect key risks within IHH; 6. Established guidelines for the operationalisation of the Anti-Bribery and Anti-Corruption Framework, as well as guidelines for the ThirdParty Corruption Management Framework, to enhance the efficiency and effectiveness of IHH’s governance against bribery and corruption; 7. Anti-Bribery and Corruption policy is revised to further strengthen the Group’s anti-bribery and corruption governance. The Gifts, Hospitality, Donations and Sponsorship (GHDS) policy was introduced with mandatory e-learning module on GHDS was put in place to ensure the GHDS policy is implemented effectively Group wide; 8. Sustained implementation of the IHH Personal Data Protection Policy by enhancing Group data protection risk management practices; 9. Initiated the review of the IHH Personal Data Protection Policy to account for developments in legislation and business practices; 10. Collaborated with the IHH Cybersecurity Centre of Excellence to perform data flow analyses on clinical workflows; 11. Upskilled Data Protection Officers through in-house training on data flow analysis and sustainability management; 12. Conceptualised data transfer regulatory compliance instrument; 13. Strengthened the IHH Indian Insider Trading Compliance Framework by introducing a Standard Operating Procedure for handling non-compliance and developing a Structured Digital Database (SDD) to meet the Securities and Exchange Board of India (Prohibition of Insider Trading Regulations, 2015) requirements; 14. Developed the IHH Business Resilience Policy to oversee business resilience initiatives throughout the Group, focusing on enhanced coordination and preparedness; Annual Report 2023 115
RkJQdWJsaXNoZXIy NDgzMzc=