KENANGA ANNUAL REPORT 2023

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Management Committees (“MC”) are established to oversee specific responsibilities based on defined terms of reference. MC meetings are held regularly to ensure that business operations are executed in accordance with approved strategies, policies and business directions. The MCs are responsible for, amongst others:

- Reviewing the actual performance against expectations and budget;
- Addressing any internal control issues with the AC, GBRC, GBDITC, GNC, Employees’ Share Scheme Committee (“ESSC”), GIA, regulators and the external auditors; and
- Addressing any matters arising from the meetings of the Board, AC, GBRC, GBDITC, GNC and the ESSC; and ensuring that actions are taken in relation to these matters.

Risk Management Process and Infrastructure

The risk management process is a combination of both bottom-up and top-down approaches to facilitate decision making based on available information known at the time and creating opportunities to refine inputs when new information is available. In addition to establishment of risk policies, tools and methodologies to identify, quantify and manage the risks, Group Risk Management is also responsible for establishing the risk measurement and monitoring process to ensure that the Group’s risk profile and portfolio concentration are reported to the various risk committees on a regular basis.

Internal Policies and Procedures

Policies and procedures which set out standard day-to-day operations and managing risks are formulated based on current regulatory requirements and industry best practices. The adequacy and compliance with regulatory requirements of the policies and procedures are assessed by independent control functions such as risk management, compliance and audit, prior to obtaining approval from the Board or relevant MC.
Existing policies and procedures are reviewed regularly for improvement and to take account of emerging or changing risk profiles, new products or services, as well as new or updated regulatory requirements.

Annual Business Plans and Budgets

The Board reviews and approves the business plans and budgets which are developed in line with the Group’s strategies and risk appetite. Actual performance against the approved budgets is escalated to the Management and Board on a monthly basis, allowing responses and corrective actions to be taken.

Human Capital Management

The organisational structure, which is aligned to business and operational requirements, is led by Heads of Departments with accountability in place. Policies and procedures on human resources are reviewed regularly to ensure they remain relevant to manage operational and people related risks.

There are regular training and updates for employees on the requirements and guidelines set by regulatory bodies such as BNM, the SC and Bursa Malaysia, as well as on the importance of corporate governance, risk management and internal control. Various awareness programmes that address operational risks, ethics and fraud are also conducted regularly. Comprehensive background screenings of employees are carried out during the hiring process and repeated annually, with appropriate actions taken in response to any negative findings.

Key Performance Indicators are cascaded to each employee annually in alignment with the Group and Division goals and objectives, and performance appraisals are conducted based on the achievement of the set targets. Management’s Compensation and Rewards is based on the Pay for Performance principle. Compensation of Material Risk Takers and Other Material Risk Takers is reviewed annually by the GNC and the Board. Employee misconduct is managed based on the established Consequence Management Framework and Group Disciplinary Policy and Procedure.

Business Continuity Management

Business Continuity Plans and Disaster Recovery Plans are established to ensure non-disruption of business or efficient business resumption. Regular testing or drills are also conducted for the purpose of staff preparedness, readiness of disaster recovery site, effectiveness of communication, escalation and recovery procedures. For effective business continuity management (“BCM”), awareness training is held annually for BCM coordinators and key persons.
