Integrated Annual Report 2025

RISK MANAGEMENT SYSTEM (CONT’D)

The ERM Framework serves as an official record of the Group’s strategic approach to risk management, outlining its intentions, objectives, and commitments in managing risk. Recognising the evolving and dynamic nature of the business environment, the Board is committed to maintaining a balanced approach to risks and opportunities, ensuring sustainable growth, safeguarding shareholders’ interests and maximising returns.

Our ERM process begins with effective communication and consultation with both external and internal stakeholders to understand their needs and expectations, and to assess changes in the operational context. This engagement is integral to the development of risk criteria. Through this collaborative approach, relevant risks are systematically identified and documented in the Group’s Risk Registers. These Risk Registers provide comprehensive details, including the likelihood and potential impact of each identified risk, ensuring a structured and informed approach to risk management.

Identified risks are categorised into 8 broad areas, namely: strategic risk, compliance risk, health and safety risk, environment and sustainability risk, financial risk, operational risk, reputation risk, and technology and cybersecurity risk.

Once identified, risks are analysed to determine their causes, potential consequences (positive and/or negative) and the likelihood of occurrence. Risk analysis may be undertaken using quantitative or qualitative assessment methods, or a combination of both. Each identified risk is also evaluated for the effectiveness of controls in mitigating the risk within the Group’s risk appetite. Control effectiveness is classified into 3 levels: Effective, Partially Effective and Ineffective.

To address identified risks, the Group adopts 4 strategic approaches: terminate, take, treat or transfer the risk.
Depending on the nature, likelihood, and impact of each risk, the Group selects the most appropriate risk mitigation measure to minimise the Group’s risk exposure within the defined risk tolerance level.

The HODs are responsible for continuously monitoring and reviewing changes in the internal and external environment, assessing their implications, and updating the Risk Registers as necessary, with a mandatory review at least quarterly, facilitated by GRC. The GRC then reviews the updated Risk Registers and reports material changes to the ARMC and ultimately to the Board on a quarterly basis.

The Group adopts a structured and forward-looking approach to managing its key risks. All employees across the Group are required to comply with the Group’s ERM Framework, participate in risk management activities, and promptly highlight any emerging risks to the Management. Material emerging risks arising from both the internal and external operating environments are continuously monitored, with a formal review conducted with ARMC at least on a quarterly basis. These reviews include the assessment of underlying assumptions, scenario analysis, as well as evaluation of the likelihood of occurrence and potential impact. The outcomes of the assessment are subsequently reported to the Board for deliberation.

INTERNAL CONTROL SYSTEM

The Board is cognisant of the importance of sound internal controls in supporting the effective functioning of the Group’s risk management system. In this regard, the Board has entrusted the Management with the responsibility of implementing robust internal controls within the Group’s daily operations, ensuring the continuous monitoring of its effectiveness. The internal control system is reviewed and updated periodically to ensure that it remains relevant and effective when responding to evolving business dynamics and risks.
Amongst others, the key internal controls in place within the Group during FYE 2025 include:

(i) Formalisation of a Board Charter and Terms of Reference for the Board and Board Committees (i.e. ARMC, NC and RC) respectively to establish clear roles, duties, responsibilities, and authority level;

(ii) Well-defined organisation structure with clear reporting lines to promote appropriate segregation and delegation of responsibilities;
