MISC BERHAD INTEGRATED ANNUAL REPORT 2025 08 09 10 01 02 03 04 05 06 07 12 13 SEC 11 GOVERNANCE 10 218 www.miscgroup.com 219 www.miscgroup.com #deliveringProgress STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL The Board of Directors is pleased to provide this Statement on Risk Management and Internal Control (the Statement) pursuant to Paragraph 15.26(b) and Practice Note 9 of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad and as guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Companies 2025 and addresses the Intended Outcomes and Practices under Principle B (Effective Audit and Risk Management) of the MCCG. The following statement outlines the nature and scope of risk management and internal controls within MISC Berhad (MISC or the Company) and its subsidiaries (MISC Group or the Group) during the financial year ended 31 December 2025. ACCOUNTABILITY OF THE BOARD The Board is responsible for establishing and maintaining a sound risk management and internal control framework with the objective of safeguarding the shareholders’ interests and the Group’s assets. The Board affirms its principal responsibility to regularly review the adequacy and effectiveness of the risk management and internal control framework. By implementing sound risk management and internal control systems, the Group is better positioned to achieve its performance and profitability targets whilst managing risks. In discharging its responsibilities, the Board is supported by MISC’s Board Sustainability & Risk Committee (BSRC) and Board Audit Committee (BAC), both of which comprise a majority of independent directors, to oversee the risk management and internal control systems during the financial year ended 31 December 2025. The BSRC reviews, evaluates, reports and makes appropriate recommendations to the Board on the development, adequacy and effectiveness of the Group’s risk management framework, policies, and processes whilst the adequacy and effectiveness of the Group’s internal control systems fall under the purview of the BAC. During the year under review, the BSRC was further supported by the MISC Management Risk Committee (MRC) which comprises of members of the Executive Leadership Team (ELT) and Head of Group Health, Safety, Security and Environment (HSSE), to reflect the prominence and focus by Management on the oversight of risk management for the Group. In ensuring that the Group’s internal control systems are in place and effective in dealing with risks during the year under review, the BAC was supported by Group Internal Audit (GIA) and facilitated by the MISC Management Audit Committee (MAC), comprising members of the ELT. The Board, through the BSRC and the BAC, reviews the efficiency and effectiveness of the Group’s risk management and internal control systems at appropriate intervals throughout the year. For the financial year under review, the Board has undertaken its assessment of the adequacy and effectiveness of the framework, informed by the assurance activities and oversight processes described in the succeeding sections. These inputs collectively support the Board’s conclusion on the continued viability and robustness of the Group’s risk management and internal control systems. In view of the inherent limitations in any process and risks which cannot be eliminated completely, the Group has in place, a system of internal control and risk management designed to mitigate rather than eliminate the risks that may impede the Group from achieving its objectives. Therefore, it can only provide a reasonable, but not an absolute assurance against material misstatements or losses or the occurrence of unforeseeable circumstances. The Board also adopts a cost-benefit approach to ensure that the expected returns outweigh the cost of risk mitigation. For more information on the BAC’s and BSRC’s responsibilities, please refer to their respective reports on pages 205 to 212 (for the BAC) and pages 213 to 217 (for the BSRC) of this Integrated Annual Report. STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL RISK GOVERNANCE STRUCTURE The Group’s risk governance structure defines the organisation of key Enterprise Risk Management (ERM) functions, ensuring risk practices are embedded and a strong risk-aware culture is cultivated across the Group. A robust risk reporting mechanism is established to ensure comprehensive and timely flow of information, enabling the appropriate authorities to effectively manage risks across all levels. MISC adopts the Three Lines of Defense concept which propagates clear demarcation of risk reporting and responsibilities. The implementation of risk management serves as the second line of defence, and this is achieved through the established ERM unit at the corporate level and respective risk function with clear lines of reporting within the Group. Risk focals play a pivotal role in supporting the comprehensive management of risks in the respective business units, service units and subsidiaries, whereby the risk management requirements are embedded and aligned with their respective processes and practices. Risk management activities span across the corporate, business/service units and subsidiaries based on the established risk management frameworks. Each appointed and dedicated risk focal person has the responsibility for coordinating risk management activities in their units and subsidiaries to ensure consistent implementation of risk management processes across the Group. Material and key risks are assessed and evaluated prior to reporting and escalation to the MRC and BSRC for deliberation, and subsequent approval by the Board. 1st line of Defence 2nd line of Defence 3rd line of Defence Facilitated by: Board Sustainability & Risk Committee Risk Owners from Business Unit, Service Units and Subsidiaries Board of Directors Board Audit Committee Group Internal Audit* Corporate ERM Unit Management Risk Committee External Assurance * GIA submits its audit reports to the MAC for executive review.
RkJQdWJsaXNoZXIy NDgzMzc=