Integrated Annual Report 2024

MISC BERHAD www.miscgroup.com
SECTION 12: GOVERNANCE
Statement on Risk Management & Internal Control

Aside from the Guidelines, MISC continuously reviews and updates its existing guidelines and technical controls, as well as its monitoring and detection of cybersecurity events, to ensure emerging threats are considered and risks are mitigated. A formal cybersecurity team has been established, led by a qualified Chief Information Security Officer (CISO) and reporting to the Group HSSE & Sustainability Council, which is chaired by the President & Group CEO and continues to provide management and implementation oversight, with the cybersecurity risks addressed through the adoption of the following strategies:

Cybersecurity Governance
The cybersecurity governance framework outlines the policies and procedures, specifies the cybersecurity control standards and ensures a consistent approach to managing cybersecurity for the Group.

Cybersecurity Culture
Formal and structured cybersecurity campaigns and awareness programmes are conducted, combining MISC Group internal cybersecurity training and email phishing campaigns. Ongoing cybersecurity announcements provide security alerts and updates on cybersecurity incidents, developing a security culture where everyone understands that cybersecurity is everyone’s responsibility.

Cybersecurity Technology
MISC Group adopts proven and cost-effective technology solutions for detecting and preventing cyber attacks, as well as responding to and recovering from cyber attacks. These technologies comprise Artificial Intelligence, cloud computing and data analytics, and are revised regularly to reduce MISC Group’s risks from cyber attacks.

Cybersecurity Risk Management
Cybersecurity risks are managed by the team based on a group-wide methodology. All projects and implementations of IT/OT facilities will be assessed and remediated prior to being handed over to operations. Regular assessments are conducted to identify changes in risk profiles and ensure continuous improvement.

The progress of all initiatives is reported regularly to the Group HSSE & Sustainability Council and the BSRC.

HUMAN RESOURCE
MISC Group places significant emphasis on nurturing a sustainable and healthy talent pool to support its strategic goals. To mitigate risks related to talent acquisition and retention, MISC has established robust recruitment and development processes. These ensure the sourcing of the right talent through a structured and transparent approach, supported by comprehensive development programs to nurture employee growth.

Recruitment is conducted in a timely manner, prioritising the fulfilment of corporate and business-critical positions to ensure seamless business continuity. To address workforce flexibility and manage operational risks, a “contingent workforce” work arrangement was introduced, enabling access to skilled talent through flexible work arrangements.

The Group’s Performance Management is a cornerstone of MISC’s high-performance culture and closely aligns with strategic objectives. The system incorporates annual and mid-year reviews, expectation-setting and quarterly check-ins to ensure employees are clear on objectives, monitor progress and receive support when needed. These initiatives help mitigate risks related to underperformance and ensure a systematic approach to addressing developmental requirements. Merit-based rewards further strengthen retention and engagement by acknowledging and incentivising top performers.

MISC is committed to fostering a diverse and inclusive workplace aligned with its ESG Social Pillar. This reduces risks associated with discrimination and lack of engagement by creating an environment that empowers employees to speak up and participate meaningfully. Initiatives such as the Conscious Inclusion Program for leaders aim to build inclusive leadership capabilities and address unconscious bias. Additionally, webinars on critical topics like addressing microaggressions and fostering inclusivity were conducted to further embed these values within the organisation.

The Group’s succession planning framework mitigates risks of leadership gaps by maintaining a strong leadership pipeline. Potential successors are assessed on their performance, leadership capabilities, and alignment with MISC’s cultural beliefs. Tailored development plans prepare identified successors for critical roles, while the People Development Committee (PDC) conducts annual reviews to evaluate readiness. This structured approach ensures leadership continuity and minimises the risk of disruptions in key positions.

To address skill gaps and ensure workforce readiness, MISC conducts functional and leadership competency assessments. These efforts focus on developing critical skills in areas such as AI-assisted predictive asset management and sustainability, ensuring alignment with emerging industry needs. Leadership courses tailored through LinkedIn Learning and other platforms further enhance the workforce’s ability to drive strategic priorities. By proactively developing future and adjacent skills in areas like sustainability and contract management, MISC minimises risks associated with talent obsolescence and positions itself to capitalise on growth opportunities.

Recognising the importance of fostering a healthy and productive workforce, MISC has implemented well-being initiatives to mitigate risks related to employee health, morale, and engagement. Programs such as FlexWear, FlexWork and FlexBenefit balance operational needs with personal preferences, promoting a supportive and inclusive work culture.
Enhanced medical benefits, flexible leave policies and career paths for contingent roles support work-life balance and help retain top talent. Compliance with the Malaysian Employment Act, including maternity and paternity leave provisions, reinforces the Group’s commitment to a family-friendly workplace.

By embedding robust risk management practices across its HR functions, MISC Group ensures alignment with strategic goals, mitigates workforce-related risks, and builds a resilient and future-ready organisation. These measures support a sustainable and inclusive culture, reinforce business continuity, and empower the workforce to thrive in a rapidly changing global environment.

COMPLIANCE & ETHICS
The strategic priority – Governance & Business Ethics, under the Governance Pillar of Sustainability Strategy, is to continuously embed a culture of strong corporate governance and business ethics and conduct within the Group.

The Governance Pillar maps out the Group’s compliance strategy, objectives, and guidance through the Compliance Management Framework to assist management, business and operations to develop, manage, and maintain the governance required to meet and sustain the compliance strategy and objectives across the Group, including the performance of the core functions of an Integrity Governance Unit (IGU), i.e. complaints management, detection and verification of breaches, integrity strengthening and governance management.

MISC Group has put in place fundamental policies in line with the Code of Conduct and Business Ethics (CoBE) that extends to employees and directors within the Group and third parties performing works or services for or on behalf of the Group.
Internal controls include policies and measures addressing the Critical Legal Areas (CLA) related to ethics and integrity, personal data protection, sanctions, export control, competition and human rights/modern slavery, through the following policies:

• MISC Group has a zero-tolerance policy (Anti-Bribery Corruption Policy and Manual) which applies to employees or companies acting for or on behalf of MISC throughout the Group, reflecting the commitment of zero tolerance against any corrupt or unethical practices in the course of conducting business in all the jurisdictions in which it operates. This is further strengthened through the Integrity Management System, which sets out the requisite requirements to prevent, identify and respond to bribery. MISC Group entities are ISO ABMS certified: MISC Berhad and MHB received the ISO 37001:2016 (ISO ABMS) certification in 2019, followed by AET in 2020, MISC Marine in 2022 and ALAM in 2023. The Corruption Risk Assessment (CRA) is conducted and reviewed on an annual basis to ensure MISC Group fulfils the requirements of the Adequate Procedures Guideline and is safeguarded against the provision in the MACC Act (Amendment 2018) under Section 17A: Corporate Liability, which was effective from 1 June 2020.
