STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT AND INTERNAL CONTROLS The following key features have been implemented by the Board in its effort to maintain an effective and sound system of risk management and internal controls:- Risk Management Framework The Risk Management Committee has been established by the Board with clear defined lines of accountability and authority. They are responsible for identifying business risks, implementing appropriate systems of internal controls to manage these risks and ensuring that there is an ongoing programme to continuously assess, monitor and manage the principal risks of the Group. The Company’s ERM Framework is consistent with the Committee of Sponsoring Organisations of the Treadway Commission’s (“COSO”) ERM Framework, the Statement on Risk Management and Internal Control: Guidelines for Listed Issuers, Bursa Malaysia’s Corporate Governance Guide and also in line with the ISO 31000, Risk Management – Principles and Guidelines. The Company’s ERM Framework and processes are summarised in the flow chart as follows:- STRATEGIC AND OPERATIONAL PLANNING PROCESS • Setting Vision, Mission and Objectives • Strategy Formulation and Implementation • Review Strategy and Feedback • Update Strategy • Commit and Mandate • Standard Procedures and Guidelines • Allocate and Organise - Risk Management Working Group RISK MANAGEMENT PROCESS • External, Internal Context of Risk • Risk Appetite, Risk Tolerance • Risk Criteria • Control Effectiveness Criteria • Roles and Responsibilities • Monitoring Tools and Processes • Identify and Select Treatment Options • Risk Treatment Plan • Identify Risk • Analyse Risk • Evaluate Risk ESTABLISH CONTEXT MONITORING, REVIEW AND REPORTING RISK ASSESSMENT RISK TREATMENT MATRIX’S ERM FRAMEWORK 1 4 2 3 OUR GOVERNANCE MATRIX CONCEPTS HOLDINGS BERHAD 126
RkJQdWJsaXNoZXIy NDgzMzc=