MSTGOLF Annual Report 2025

OUR GOVERNANCE

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Element 1: Control Environment

1. Principle: The organisation demonstrates a commitment to integrity and ethical values.
   Adoption by the Group: The Group has established policies to promote integrity and ethical values across the organisation. These include the code of conduct and ethics, anti-bribery and anti-corruption policy, whistleblowing policy, and sustainability-related policies. These policies are available on the Group's intranet, and training is conducted to promote awareness and compliance.

2. Principle: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
   Adoption by the Group: The Group has established a Board Charter and Board Committees' Terms of Reference. The AC comprises solely independent directors, while the GRSC comprises a majority of independent directors. Both the AC and GRSC support the independence of the Board and effective oversight of the Management's accountability. The AC, GRSC and the Board meet quarterly to review the effectiveness of the Group's system of internal control.

3. Principle: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
   Adoption by the Group: The Group maintains an organisational structure with defined reporting lines. Written job descriptions are established for each role, communicated to employees upon appointment, and updated as and when changes occur.

4. Principle: The organisation demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
   Adoption by the Group: The Group has a structured recruitment process, with the Human Resources Department working closely with hiring managers to ensure the appointment of suitably qualified and competent personnel. Training and development programmes are provided to sustain and enhance employee competencies.

5. Principle: The organisation holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
   Adoption by the Group: Employee performance is measured against established key performance indicators ("KPIs") and criteria assessed annually. Appraisal outcomes are used to determine appropriate rewards and corrective actions, reinforcing accountability across the Group.

Element 2: Risk Assessment

6. Principle: The organisation specifies objectives with sufficient clarity to enable the identification and assessment of risks related to objectives.
   Adoption by the Group: The Group's high-level objectives are cascaded to departmental and individual KPIs, which are documented in departmental risk registers and individual KPI records.

7. Principle: The organisation identifies risks to the achievement of its objectives across the entity and analyses risks as a basis for determining how the risks should be managed.
   Adoption by the Group: The Group has implemented its ERM framework as described in the Risk Management Framework section of this Statement.

8. Principle: The organisation considers the potential for fraud in assessing risks to the achievement of objectives.
   Adoption by the Group: Fraud risk is assessed across all functions as part of the Group's risk management process, and potential fraud risks are also considered within the internal audit scope.

9. Principle: The organisation identifies and assesses the changes that could significantly affect the system of internal control.
   Adoption by the Group: As part of quarterly risk management reporting to the GRSC, the GRSC and the Management evaluate relevant PESTEL factors that may affect the Group's operations. Internal and external events and changes are also considered during ERM workshops.
