SECTION 3: OUR GOVERNANCE

The GRSC assists the Board through its quarterly meetings by providing oversight, guidance, review and deliberation on the Group’s key risk profiles, mitigation measures, governance, and compliance, including the relevant policies and procedures. Besides reviewing the Executive Risk Committee’s reports, the GRSC also assists the Board in driving the Group’s sustainability agenda by providing guidance and overseeing progress in executing the sustainability initiatives in line with the Group’s vision and objectives. The GRSC also reviews the Enterprise Risk Management (“ERM”) Policy and framework on a bi-annual basis to ensure that all risk ratings, which are measured against impact and likelihood, are consistent with the risk appetite matrix and the acceptable tolerance level of the Group for achieving its key objectives.

The Executive Risk Committee meets on a monthly basis to go through the risk profile of the business and review the risk management reports, which include the risk registers for various functions within the Group and an analysis of external risk factors. The Executive Risk Committee ensures that all risk management, controls and action plans are conducted in accordance with the Group’s ERM Policy prior to reporting to the GRSC.

The AC, through internal audits, assists the Board in assessing the effectiveness and adequacy of the Group’s system of internal controls, risk management, compliance and governance to ensure the integrity and robustness of the financial and non-financial reporting processes.

RISK MANAGEMENT AND INTERNAL CONTROL FRAMEWORK

The Group adopts the ERM Policy to manage all key business risks in a systematic and consistent manner. The ERM Policy states the intent and lays out the fundamentals of risk management practices, together with the Group’s overall risk appetite matrix, which reflects the level of risk acceptable for achieving its key objectives.

The Group’s ERM and internal control framework (“Framework”) is organised into four categories of objectives to ensure a comprehensive risk management strategy that aligns with our business goals.

Strategic: Supporting high-level, mission-oriented goals
Operational: Ensuring effective and efficient resource usage
Reporting: Ensuring accurate and transparent information and communication
Compliance: Conformity to policies, laws and regulations

Risk Management Process

The Group’s ERM process is a structured and continuous process designed to identify, assess, respond to and monitor risks that could impact the Group’s ability to achieve its strategic, operational, reporting, and compliance objectives. The ERM process is as follows:

Internal Environment: Shaping the company’s culture, ethical values, risk perception and appetite.
Objective Setting: Creating goals within the objectives and aligning them with risk appetite.
Event Identification: Distinguishing between internal and external risks and opportunities.
Risk Assessment: Evaluating risk based on likelihood and impact.
Risk Response: Deciding whether to avoid, accept, reduce, or accept risk.
Control Activities: Establishing internal controls.
Information and Communication: Capturing and sharing information to support informed decisions.
Monitoring: Continually evaluating and optimising business and risk processes.

The above objectives and processes are applied across the Group’s structural elements such as entity-level, division, business unit and subsidiary.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL