MISC BERHAD INTEGRATED ANNUAL REPORT 2025

GOVERNANCE

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

Risk Appetite (Area: Statement; Tolerance)

Operational
• Project Schedule & Cost: Manage projects to ensure timely delivery and effective management of project costs. Tolerance: Limited Tolerance
• Fatality; Major HSSE Incidents: Take practicable measures to prevent and mitigate the risks of injuries and damage to properties, manage safety and security risks to our people, assets and reputation, and protect the environment wherever we operate. Tolerance: Zero Tolerance
• Cybersecurity: Maintain the confidentiality, integrity, and availability of MISC’s systems, data and services. Tolerance: Zero Tolerance

Legal & Regulatory
• Critical Laws & Regulations: Uphold and practice good corporate governance and comply with the relevant laws and regulations. Tolerance: Zero Tolerance
• Bribery and Corruption: Against all forms of bribery and corruption as embedded in the MISC Code of Conduct and Business Ethics (CoBE) and Anti-Bribery and Corruption (ABC) Manual. Tolerance: Zero Tolerance

Reputational
• Reputation: Ensuring our actions and communications are consistently aligned with the Group’s vision, mission and shared values. Tolerance: Limited Tolerance

Note:
• Zero Tolerance – Explicit position that no level of exposure, occurrence or deviation is acceptable, requiring strict avoidance, immediate escalation and timely corrective action if any breach occurs.
• Limited Tolerance – A limited range of acceptable variation in risk exposure within which the Group permits a controlled level of deviation without undermining strategic and operational objectives and its core values.

ENTERPRISE RISK MANAGEMENT FRAMEWORK

The Group’s ERM Framework is generally aligned with the Principles and Guidelines of ISO 31000:2018 and provides a standard approach for implementing the elements and processes to identify, assess, treat, and monitor the risks impacting the Group.
The established processes enable the identification and management of the principal risks of the Group as described in the Risks and Mitigation Strategies on pages 72 to 81 of this Integrated Annual Report. Appropriate internal control systems are also implemented to manage these risks, the details of which are set out below.

Alignment to the Strategic Objectives

The Group has implemented risk management best practices in the form of an ERM Framework which ensures a consistent approach in assessing and identifying risks faced by the Group against the backdrop of the MISC 2030 Ambition and the external environment. In sustaining the achievement of business objectives, it is important to manage risks across the Group on an integrated basis with a balanced view of the risks taken against the rewards of business performance. The business/service units and subsidiaries are required to perform an annual review of their risk profiles with an emphasis on linking these risks to the MISC Group’s business objectives. The identified risks are recorded in the respective units’ risk profiles, and these risks are assessed, treated, monitored, and reviewed quarterly.

Risk Register and Prioritisation

The Group maintains a risk register, which comprises a list of Primary Risks critical to the Group, inclusive of their corresponding risk mitigation measures and assigned Key Risk Indicators (KRIs), derived from the businesses. These risks are reviewed and assessed in terms of likelihood and magnitude of potential impact, and mapped to the MISC Risk Matrix, a standard 5-by-5 matrix. This process enables the prioritisation of risks, as well as the ability to identify and evaluate the adequacy of mechanisms in place to manage and respond to the critical risks that may impact the Group.
All Primary Risks are assigned to a risk owner, accountable for the management of the risk, which includes the implementation of action plans to mitigate the risk.

Forward Looking Approach

The Group adopted a proactive approach in assessing and reporting the likelihood of risks materialising in the foreseeable future, in addition to monitoring risk performance and KRIs. This process includes horizon scanning and assessments of any emerging and external developments, such as changes in regulatory requirements, market conditions, geopolitical trends and technological disruptions, among others, that have the potential to influence the achievement of the Group’s business objectives or its operations. These are evaluated and reported as part of the quarterly review of risk performance and KRIs, which enables timely management intervention to prevent escalation and strengthen the overall risk resilience of the Group. Risks identified through this process are deliberated by the MRC and escalated to the BSRC and the Board for consideration. During the year, Management and the Board deliberated extensively on several key risk events, particularly on the heightened global trade tensions arising from United States trade and tariff policy actions and their potential impact on commercial contracts, the Middle East conflicts, the imposition of United States Trade Representative port fees, and the International Maritime Organization’s Net-Zero Framework.

Reporting and Continuous Improvement

For the purpose of risk reporting, the status of the mitigation action plans identified to manage these risks and breaches of the KRI thresholds are monitored, updated, and reported to the MRC, BSRC and subsequently to the Board on a quarterly basis. The implementation and effectiveness of risk management and internal control within the Group are continuously reviewed and documented for an effective and sustainable ERM culture, including enhancing the individuals’ capability in risk management.
ESG and Sustainability Related Risks and Opportunities

The Group acknowledges the evolving requirements for reporting on sustainability related risks and opportunities (SROs), in line with the National Sustainability Reporting Framework (NSRF) issued by the Securities Commission Malaysia and the standards of the International Sustainability Standards Board (ISSB). During the year, a comprehensive review was undertaken to identify underlying sustainability risks that can materially impact the Group’s short, medium and long-term objectives. This process involved conducting surveys, workshops, and focus group discussions with key stakeholders and subject matter experts. Key enhancements include the adoption of IFRS S1 and S2 requirements, covering the identification of SROs, conducting scenario analyses to assess resilience against climate-related risks, and quantifying potential financial impacts arising from identified climate-related risks.

Most of these SROs have been historically embedded within MISC’s ERM Framework. The enhancements arising from the adoption of IFRS S1 and S2 have been included in the Corporate Risk Profile and Risk Registers, reflecting an integrated approach to risk governance. These risks are monitored using established KRIs and signposts, which are periodically reviewed by MRC and BSRC.

Looking ahead, the Group remains committed to continuously strengthening its sustainability risk management practices by aligning with best practices. This forward-looking approach ensures that sustainability considerations remain central to strategic decision-making, supporting long-term resilience and value creation for stakeholders.