Delivering Sustainable Value For Our Stakeholders Delivering Sustainable Value For Our Stakeholders Press Metal Aluminium Holdings Berhad 118 119 Integrated Annual Report 2023 Upholding Good Governance and Economic Resilience Addressing ESG and Climate-Related Risks Contributing to the fight against climate change, we have developed dedicated ESG and climate-related risk registers where we incorporate ESG and climate-related risks into our risk management process, enabling us to systematically identify, assess and prioritise ESG and climate-related risks and opportunities, along with corresponding management strategies. Parameters in the ERM Climate Risk Register include technology, reputation, and social risks. Following the recommendations of the TCFD issued by the Financial Stability Board (“FSB”), we conducted a climate scenario analysis and identified our physical and transition risks based on 4.3°C and 1.8°C scenarios. OUR VALUE CREATION In FYE2023, we embarked on the following key initiatives to bolster our risk management practices and safeguard the resilience and sustainability of our operations: GOING FORWARD We strive to uphold an effective risk management framework to ensure long-term success for our stakeholders and business sustainability. Strengthening our ability to leverage on risks and opportunities ensures financial stability and protects shareholder value. Our updated Risk Management Policy offers clear guidance and standards for the risk management function. Furthermore, quarterly assessments for midstream and downstream entities promote ongoing surveillance and improvements of our risk management practices. Implementing Assessments and Action Plans Risk assessments were conducted across various business functions to identify and analyse potential risks. Subsequently, risk action plans were developed and implemented to address high-priority risks, along with controls and measures aimed at minimising their impact and likelihood. Instituting Policy Reviews and Operational Monitoring Read more about our approach to risk management in the Statement on Risk Management and Internal Controls section of IAR 2023. Read more on our identified climate-related risks and opportunities in the Climate Change section of SR 2023. Read more on the implications of our identified physical and transition risks in the TCFD Content Index section of SR 2023. OUR APPROACH Ensuring Data Security and Compliance We demonstrate our commitment to safeguarding data information through the guidance from our Information Technology (“IT”) Policy, which serves as a comprehensive rulebook for authorised users. It stipulates the responsible use of IT facilities and emphasises the need to protect them from any damage or liability that may arise from unlawful or inappropriate usage. In addition, a range of IT-based systems, including firewalls and other protective mechanism have been employed to safeguard our systems from external threats. The IT Policy undergoes yearly review to ensure its relevance based on laws and regulations, while periodic updates to our firewall and internal network and continuous improvements to our IT governance and cybersecurity are undertaken where applicable. All data collected, used, processed and stored for our stakeholders, including employees, customers and third parties, comply with both local and global regulations, such as Malaysia’s Personal Data Protection Act 2010 (“PDPA”), as well as our internal policies and frameworks. This necessitates handling data with the adequate level of care and sensitivity, utilising the data solely for authorised purposes and ensuring the data’s safety and privacy. Additionally, any modifications to our data policies and procedures are communicated promptly to our stakeholders to ensure continued compliance and transparency. Our IT Infrastructure unit maintains a cyber hygiene checklist as a guideline to adopt best practices in detecting and preventing cybersecurity incidents through an IT security checklist, IT internal audits and annual IT cybersecurity vulnerability assessments. An IT Compliance & Security Team was established to oversee the Group’s IT policies, SOPs, cybersecurity vulnerability protections and IT governance, ensuring compliance and oversight. OUR VALUE CREATION In FYE2023, we embarked on several key initiatives to bolster our risk management practices and safeguard the resilience and sustainability of our operations. Strengthening Our Cybersecurity Measures To safeguard both our organisation’s and customers’ data, we have adopted enterprise cybersecurity solutions and enhanced our IT security procedures and processes to protect our data against cyber risks. Further to this, we have also enforced multi-level security access for data security as well as implemented scheduled monitoring and assessment of our IT infrastructure to ensure continuous protection. Upholding Good Governance and Economic Resilience CUSTOMER DATA PRIVACY & INFORMATION TECHNOLOGY GRI 3-3, GRI 418-1 M8 WHY IT MATTERS Upholding customer data privacy and cybersecurity resilience is crucial to safeguarding sensitive information and trade secrets from unauthorised access or misuse. With the widespread use of technology and the internet, companies accumulate vast amounts of consumer data, rendering any leakage or breach detrimental due to potential identity theft, financial fraud and other harms. By implementing stringent cybersecurity measures to mitigate cyber threats and attacks, we aim to ensure business continuity, build trust among our stakeholders and safeguard our reputation. UN SDGs Capitals FC IC HC
RkJQdWJsaXNoZXIy NDgzMzc=