MISC BERHAD
INTEGRATED ANNUAL REPORT 2024 (pages 192-193)
SECTION 12: GOVERNANCE
www.miscgroup.com

Statement on Risk Management & Internal Control

The Board of Directors is pleased to provide this Statement on Risk Management and Internal Control (Statement) pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad and as guided by The Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers. The following statement outlines the nature and scope of risk management and internal controls within MISC Berhad (MISC or Company) and its subsidiaries (MISC Group or Group) during the financial year ended 31 December 2024.

ACCOUNTABILITY OF THE BOARD

The Board is responsible for establishing and maintaining a sound risk management and internal control framework with the objective of safeguarding the shareholders’ interest and the Group’s assets. The Board affirms its principal responsibility to regularly review the adequacy and effectiveness of the risk management and internal control framework. Implementing sound risk management and internal control systems helps the Group to achieve its performance and profitability targets whilst managing risks.

In discharging its responsibilities, the Board is supported by MISC’s Board Sustainability & Risk Committee (BSRC) and Board Audit Committee (BAC) to oversee the risk management and internal control systems during the financial year ended 31 December 2024. The BSRC reviews, evaluates, reports and makes appropriate recommendations to the Board on the adequacy and effectiveness of the Group’s risk management framework, policies and process whilst the adequacy and effectiveness of the Group’s internal control framework is under the purview of the BAC.
For more information on the BAC’s and BSRC’s responsibilities, please refer to their respective reports on pages 180 to 186 (for the BAC) and pages 187 to 191 (for the BSRC) of this Integrated Annual Report.

During the year under review, the BSRC was further supported by the MISC Management Risk Committee (MRC) (formerly known as Risk Management Committee), which comprises Executive Leadership Team (ELT) (formerly known as Management Committee) members and Heads of Divisions, to reflect the prominence and focus by Management on the oversight of risk management for the Group. In ensuring that the Group’s internal control systems are in place and effective in dealing with risks during the year under review, the BAC was supported by the MISC Management Audit Committee (MAC), which comprises ELT members and Group Internal Audit (GIA).

The Board, via the BSRC and the BAC, periodically reviews the efficiency and effectiveness of the Group’s risk management and internal control to ensure the viability and robustness of the systems.

In view of the inherent limitations in any processes and risks which cannot be eliminated completely, the Group has in place a system of internal control and risk management designed to mitigate rather than eliminate the risks that may impede the Group from achieving its objectives. Therefore, it can only provide a reasonable, but not an absolute, assurance against material misstatements or losses or the occurrence of unforeseeable circumstances. Thus, the Board adopts a cost-benefit approach to ensure that the expected returns outweigh the cost of risk mitigation.

RISK GOVERNANCE STRUCTURE

The Group’s risk governance structure facilitates the flow of information and effective oversight of the implementation of risk management practices across its businesses. Risk management activities span across the corporate, business/service units and subsidiaries based on the established risk management frameworks.
Each appointed and dedicated risk focal person has the responsibility for risk management activities in their units and subsidiaries to ensure consistent implementation of risk management processes across the Group. Material and key risks are assessed and evaluated prior to reporting and escalation to the MRC and BSRC for deliberation, and subsequent approval by the Board.

The MRC was established to review and monitor the Group’s risk management practices. It is primarily responsible for driving the implementation of the risk management framework and acts as the central platform for the Group.

• Assist the management in identifying principal risks at Group level and provide guidance and direction in the implementation of group-wide Enterprise Risk Management (ERM) to protect and safeguard MISC’s interest.
• Review and recommend policies and frameworks specifically to address risks inherent in all business operations and environments pertaining to the Group.
• Review, deliberate and recommend mitigation actions to ensure that the Group’s risks are being mitigated effectively.
• Provide a reasonable assurance to the BSRC that the Group’s risks are being managed appropriately.

MANAGEMENT RISK COMMITTEE

The MRC holds quarterly meetings to review the key risks and at the same time ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. These are then further deliberated at the BSRC and finally reported to the Board on a quarterly basis.

Board of Directors
• Responsible for establishing and overseeing the Group risk management framework, systems and activities as well as setting of the Group’s risk appetite.

BSRC
• Reviews the adequacy and effectiveness of MISC’s Risk Management Framework and on-going activities for identifying, evaluating, monitoring and mitigating risks.
• Reviews the risk assessments associated with investment opportunities, business proposals, corporate exercises and key initiatives.
• Reviews the Group’s risk appetite and tolerance level.

MRC
• Serves as the central platform in providing steering and stewardship on the implementation and institutionalisation of enterprise risk management in the Group to protect and safeguard the Group’s interest.
• Provides a reasonable level of assurance to the BSRC that the Group’s risks are being managed appropriately.

Risk Owners
• Responsible for implementing risk management processes at respective units/subsidiaries.

[Risk governance structure diagram, level labels: Board Level; Management Level; Business Unit/Service Unit/Subsidiary]

Group Strategy and Sustainability
• Reviews and monitors risk reporting quarterly
• MRC Secretariat