IHH Healthcare Berhad | Annual Report 2024 102 for each category may necessitate collaboration across various departments. To establish transparent accountability lines for risk and control management, distinct roles and responsibilities have been delineated among the Board, Group, country, and hospital. This integrated approach ensures alignment between clinical risk monitoring, CQIs, incident reports, and audits, assuring effective control over clinical risk. Risk owners, for each category, assess the likelihood and potential severity of identified risks and assign a risk rating using the IHH risk matrix. This evaluation occurs at three levels – hospital, country, and group – corresponding to distinct accountability lines. Risk owners are charged with the development and implementation of appropriate risk controls, employing preventative, detective, or corrective measures based on priority. Monitoring the effectiveness of these controls is conducted through key performance indicators, key risk indicators, outcomes tracking, and periodic risk assessments. In instances where controls prove partially effective or ineffective, risk owners are tasked with establishing and monitoring action plans aimed at enhancing risk mitigation. This ensures continuous refinement and strengthening of clinical risk management practices in alignment with international best practices. In facilitating these initiatives, Group MAQ has devised a detailed timeline outlining a four-phased approach for the successful rollout of the clinical risk framework, with full implementation targeted for April 2025. In addition, Group MAQ and GIA are collaborating to align assurance efforts by enhancing coverage and minimising overlaps in audit scopes. Key initiatives include mutual sharing of high-risk operational findings in clinical areas and yearly audit plans to ensure coordinated efforts. For inherently high-risk clinical areas with potential reputational or compliance consequences, there will be dual assurance by Group MAQ and GIA. This synergy ensures GIA focuses on financial and operational aspects, while Group MAQ concentrates on clinical assurance. Training and Education Ensuring that MAQ staff attend courses on and/or certified in clinical quality, patient safety, and clinical audit is pivotal for risk management and control in healthcare. Group MAQ identified training programs and certifications to provide staff with the relevant knowledge and skills, enabling them to proactively drive improvements in patient care and overall healthcare quality. By staying abreast of the latest developments in these critical areas, MAQ staff are better equipped to identify and mitigate patient safety risks effectively. The acquired knowledge fosters a culture of safety within the organisation, where staff are attuned to potential risks and are well-versed in implementing preventive measures. Control Environment In terms of the management of business units, the operating structure includes a clearly defined delegation of responsibilities. The Group’s policies clearly define and outline the limit of authority. These policies and procedures are reviewed regularly and, if required, updated. A Whistleblowing Policy is in place within the Group’s business units. This policy encourages employees to report any wrongdoing by any person in the Group to the proper authorities so that the appropriate business action can be taken immediately. Whistleblowing Platform: The Group is committed to a high standard of corporate governance. Consistent with this commitment and to maintain a high standard of integrity in its business conduct, the Group has in place a whistleblowing policy. Since January 2023, the Group launched the Navex Whistle Blowing platform, EthicsPoint, where employees and third parties have a trusted channel to report, in confidence, any suspected wrongdoings. In 2024, the platform was enhanced with updated reporting categories to better serve our needs. GIA has been designated as the independent function to maintain the whistleblowing channel and investigate all whistleblowing reports. The AC are updated on the status of the reports. The system of risk management and internal control covers not only financial controls but also operational, risk and compliance controls as well. These systems are designed to manage, rather than eliminate, the risks arising from failure to comply with policies and deviating from goals and objectives. Such systems provide reasonable, rather than absolute, assurance against material incidents or loss. Risk Management Risk Management and Compliance Department (RMCD) assists the Board and RMC in discharging their risk oversight responsibilities. While Group management and business units hold primary responsibility for managing risk exposures, RMCD provides comprehensive risk and compliance advisory support to IHH business units worldwide. This support encompasses governance, training, and reporting, ensuring a consistent and effective approach to risk management. RMCD serves as the central resource for managing the Group’s risk portfolio and collaborates closely with business units to strengthen their risk management practices and capabilities as well as help shape the priorities and direction of the Group’s risk management activities. Risk updates are consolidated and analysed for monitoring and reporting to the IHH RMC on a quarterly basis. Statement on Risk Management and Internal Control Governance
RkJQdWJsaXNoZXIy NDgzMzc=