MSTGOLF Annual Report 2025

OUR GOVERNANCE

Element 5: Monitoring Activities

Principle 16: The organisation selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Adoption by the Group: The Group’s internal audit function adopts the COSO Internal Control – Integrated Framework in determining its audit approach and scope, including the evaluation of the effectiveness of internal control. Any gaps identified require the Management to propose corrective actions, which are reported to the AC on a quarterly basis.

Principle 17: The organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Adoption by the Group: Gaps identified, as referred to under Principle 16 above, are communicated promptly to the Management, with agreed timelines for remediation. The implementation of corrective actions is monitored by the respective heads of department and subsequently reviewed by the internal auditors as part of follow-up audits.

Risk Management Framework

The Group adopts the latest enterprise risk management (“ERM”) framework by COSO i.e., the COSO ERM Framework 2017. The ERM framework consists of the following key components and processes:

Component / Process: Adoption by the Group

Internal Environment
The Board sets the tone for effective risk management across the Group and is committed to fostering a strong risk and ethical culture. Oversight is supported by the GRSC, which meets quarterly to review risk reports and monitor the effectiveness of the Group’s risk management framework. The GRSC comprises members with an appropriate mix of skills, experience and independence to provide objective oversight.

Risk appetite and governance expectations are communicated to the Management, who are responsible for implementing and maintaining sound risk management and internal control practices within their respective business units. Through regular reporting and oversight, the Board seeks to ensure that risk management principles are consistently embedded throughout the Group.

Objective Setting
The Group’s risk management process begins with the establishment of clear objectives, which provide the basis for identifying and managing risks. These objectives are aligned with the Group’s overall strategy and are categorised as follows:
• Strategic: High level, mission-oriented goals.
• Operations: Effectiveness and efficiency of operations.
• Reporting: Reliability, timeliness, and transparency of financial/non-financial reporting.
• Compliance: Adherence to laws and regulations.

Event Identification
The Group identifies relevant internal and external events that may affect the achievement of the above objectives. This includes consideration of changes in regulatory requirements, market and economic conditions, technological developments and key operational activities. Event identification is carried out through periodic risk assessments and structured discussions to ensure that potential risk and opportunity events are recognised in a timely manner.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
