05 / HOW WE ARE GOVERNED

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Management Committees (“MC”) are established to oversee specific responsibilities based on defined terms of reference. MC meetings are held regularly to ensure that business operations are executed in accordance with approved strategies, policies and business directions. The MCs are responsible for, amongst others:

- Reviewing the actual performance against expectations and budget;
- Addressing any internal control issues with the AC, GBRC, GBDITC, GNC, Employees’ Share Scheme Committee (“ESSC”), GIA, regulators and the external auditors; and
- Addressing any matters arising from the meetings of the Board, AC, GBRC, GBDITC, GNC and the ESSC, and ensuring that actions are taken in relation to these matters.

Risk Management Process and Infrastructure

The risk management process is a combination of both bottom-up and top-down approaches to facilitate decision-making based on available information known at the time and creating opportunities to refine inputs when new information is available.

In addition to establishment of risk policies, tools and methodologies to identify, quantify and manage the risks, Group Risk Management is also responsible for establishing the risk measurement and monitoring process to ensure that the Group’s risk profile and portfolio concentration are reported to the various risk committees on a regular basis.

Internal Policies and Procedures

Policies and procedures which set out standard day-to-day operations and managing risks are formulated based on current regulatory requirements and industry best practices. The adequacy and compliance with regulatory requirements of the policies and procedures are assessed by independent control functions such as risk management, compliance and audit, prior to obtaining approval from the Board or relevant MC.
Existing policies and procedures are reviewed regularly to ensure improvements and in consideration of emerging or changing risk profiles, new products or services, as well as new or updated regulatory requirements.

Risk Appetite

Risk appetite is the level of risk the Group is willing to accept in pursuit of values and objectives. A clearly articulated risk appetite is fundamental to the alignment of risk-taking activities with its strategic plans. This is to ensure a consistent approach towards risk and strategic management across the Group.

The Risk Appetite Framework has been established to ensure that the risk appetites approved by the Board are managed prudently to achieve business plan and growth targets, while strengthening control and coordination of risk-taking activities across the Group’s businesses within acceptable boundaries.

Annual Business Plans and Budgets

The Board reviews and approves the business plans and budgets which are developed in line with the Group’s strategies and risk appetite. Actual performances against the approved budgets are escalated to the Management and Board on a monthly basis, allowing responses and corrective actions to be taken.

Human Capital Management

The organisational structure, which is aligned to business and operational requirements, is led by Heads of Divisions or Chief Executive Officers of Subsidiary Companies with accountability in place. Human resource policies and procedures are reviewed regularly to ensure they remain relevant for managing operational and people-related risks.

Various awareness programmes that address the operational risks, ethics and fraud are also conducted from time to time. Employees are also periodically provided with training and updates to ensure alignment with requirements and guidelines issued by BNM, SC, and Bursa Malaysia. These sessions help reinforce awareness of corporate governance, risk management and internal control expectations.
Comprehensive background screenings of employees are performed during the hiring process and are repeated annually. Appropriate actions are taken in response to any adverse findings or identified risks. Key Performance Indicators are cascaded to each employee annually, aligned with the Group and Division goals and objectives. Performance appraisals are conducted based on achievement against the established targets. Management’s compensation and rewards are structured based on the Pay-for-Performance principle. Compensation for Material Risk Takers and Other Material Risk Takers is reviewed annually by the GNC and recommended for Board approval.