115 ANNUAL REPORT 2024 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (cont’d) RISK MANAGEMENT SYSTEM (CONT’D) Once the risks have been identified, they are analysed to determine their causes, potential positive and negative consequences or impacts, and the likelihood of occurrence. The risk analysis is conducted using quantitative, qualitative, or a combination of both assessment methods. Additionally, each identified risk is evaluated for its control effectiveness in mitigating the risks to an acceptable level within the Group’s risk appetite. The control effectiveness is categorised into three (3) levels: Effective, Partially Effective and Ineffective. Within our risk management framework, we adopt four (4) strategic approaches to address the identified risks, which includes Terminate, Take, Treat or Transfer the risks. Depending on the nature, likelihood, and impact of each risk, the Group selects the most appropriate risk mitigation measure to minimise the Group's risk exposure within the defined risk tolerance level. The HODs are responsible for continuously monitoring and reviewing changes in the internal and external environment, assessing their implications, and updating the Risk Registers as necessary, with a mandatory review at least quarterly, facilitated by GRC. The GRC then reviews the updated Risk Registers and reports material changes to the ARMC and ultimately to the Board on a quarterly basis. Furthermore, all employees across the Group are required to comply with the Group’s ERM Framework, participate in risk management activities, and promptly highlight any emerging risks to the management. INTERNAL CONTROL SYSTEM The Board is cognisant of the importance of sound internal controls in supporting the effective functioning of the Group’s risk management system. In this regard, the Board has entrusted the Management with the responsibility of implementing robust internal controls within the Group’s daily operations, ensuring the continuous monitoring of its effectiveness. The internal control system is reviewed and updated periodically to ensure that it remains relevant and effective when responding to evolving business dynamics and risks. Amongst others, the key internal controls in place within the Group during FYE 2024 include: - (i) Formalisation of a Board Charter and Terms of References for the Board and Board Committees (i.e. ARMC, NC and RC) respectively to establish clear roles, duties, responsibilities, and authority level; (ii) Well-defined organisation structure with clear reporting lines to ensure appropriate segregation of duties and delegation of responsibilities; (iii) Formalisation of several Company policies and procedures (“PnP”), including the Code, ABC PnP and Whistle-Blowing PnP, to foster a culture of integrity and ethical behaviours within the Group; (iv) Adoption of a Fit and Proper Policy to provide the NC with clear and objective criteria in considering the appointment and re-appointment of Directors; (v) Implementation of ISO-certified SOPs, such as ISO 9001 - Quality Management System, ISO 14001 - Environmental Management System and ISO - 45001 Occupational Health & Safety Management System, to ensure consistency, efficiency and alignment with the Group’s business and sustainability objectives; (vi) Implementation of proper financial reporting procedures including the review of unaudited quarterly financial results, annual audited financial statements, RPT, RRPT and COI transactions (if any) by the ARMC before submission for the Board’s approval; and (vii) Quarterly internal audit reviews conducted by an outsourced independent Internal Auditors to assess and evaluate the effectiveness of the Group’s internal control system and recommend to the Management and ARMC on areas for continuous improvement.
RkJQdWJsaXNoZXIy NDgzMzc=