INTEGRATED ANNUAL REPORT 2024 | MISC BERHAD | SECTION 12: GOVERNANCE | www.miscgroup.com | pp. 196-197

The Group has implemented risk management best practices in the form of an ERM framework, which ensures a consistent approach in assessing and identifying risks faced by the Group against the backdrop of MISC’s 2030 Ambition targets. In sustaining the achievement of business objectives, it is important to manage risks across the Group on an integrated basis with a balanced view of the risks taken against the rewards of business performance.

The business/service units and subsidiaries are required to perform an annual review of their risk profiles with an emphasis on linking these risks to MISC Group’s business objectives. The identified risks are recorded in the respective Unit’s risk profiles, and these risks are assessed, treated, monitored, and reviewed quarterly.

The Group maintains a risk register, which comprises a list of Primary Risks critical to the Group, inclusive of their corresponding risk mitigations and assigned Key Risk Indicators (KRIs), derived from the businesses. These risks are reviewed and assessed in terms of likelihood and magnitude of potential impact and mapped to the MISC risk matrix, a standard 5 by 5 matrix. This process enables the prioritisation of risks, as well as the identification and evaluation of the adequacy of mechanisms in place to manage and respond to the critical risks that may impact the Group.

All Primary Risks are assigned to a risk owner, who is accountable for the management of the risk, which includes the implementation of action plans to treat the risk. For the purpose of risk reporting, the status of the mitigation action plans identified to manage these risks and breaches of the KRI thresholds are monitored, updated, and reported to the MRC, BSRC and subsequently to the Board on a quarterly basis.
The ERM implementation within the Group is continuously reviewed and documented for an effective and sustainable ERM culture, including enhancing individuals’ capability in risk management. In essence, the risk management process is as follows:

[Figure: risk management process, with Continual Improvement spanning all stages]
External Context: External Environment Analysis; Risks & Opportunities
Internal Context: Business Outlook/Plan; Strategic Priorities; Objectives/Targets
Risk Assessment: Identify; Analyse; Evaluate
Risk Treatment: Identify Risk Treatment Strategy; Identify new mitigations for each identified risk; Establish target risk rating
Risk Monitoring: Monitor KRIs; Monitor Risk Updates through Risk Information System
Risk Reporting

Statement on Risk Management & Internal Control

Risk Assessment for Projects and Investment Opportunities

The Project Risk Assessment Framework (PRAF) is a risk-based tool that thoroughly evaluates risks for capital intensive projects and other investment opportunities, which enables the business to identify and implement appropriate controls to mitigate associated risks. The framework supports informed decision-making and reinforces a disciplined and structured investment practice. It is continuously reviewed and refined to maintain relevance and robustness in risk assessment throughout the project cycle. The PRAF for capital intensive projects and other investment opportunities is outlined below:

PRA Phase and Stage Gate Activities

The PRA Phase and Stage Gate activities consider the project lifecycle, ensuring that capital intensive projects are evaluated with risk assessment, mitigation, independent review, and lessons learned at key milestones for informed decision-making and monitoring. It encompasses phases such as opportunity assessment, bid submission and award, project execution and operations.
[Figure: Project Risk Assessment Framework]
PRA Reporting Structure: Board of Directors; BSRC; MRC; PRA Sub Committee
Project Risk Assessment (PRA) Phase and Stage Gate Activities: Portfolio of Investment and Opportunities; Project Risk Assessment; Project Independent Review; Project Lessons Learnt; Post Implementation Economic Review
PRA phases: Opportunity Assessment; Bid Submission + Contract Award; Project Execution; Operations
PRA Risk Areas: Commercial; Project Execution; Country; Financing and Project Economics; Operations and Maintenance; Other material risks

Risk Assessment in Decision Making (RADM)

In institutionalising risk-based decision making across the Group, the RADM Guideline sets out the requirement for strategic decision papers to be equipped with risk assessments to ensure that decision makers make fully informed decisions. It aims to enhance the decision-making process through sufficient deliberation with a balanced view of the exposure associated with the decision. The risk assessment facilitates the identification of potential threats, enables risk prioritisation, and enhances preparedness by identifying relevant mitigations to address the risks. During the year, the BSRC deliberated risks related to proposed participation in new projects, corporate exercises, and key business proposals prior to approval by the Board.