Primary responsibility and accountability for ensuring the risk management framework and internal controls are applied across the Group is overseen by the Group Chief Executive Officer and supported by the Group Managing Director and the rest of the members in the RMC. The Board receives reasonable assurance on the effectiveness of the Group’s risk management practices and internal control systems as reported and advised by the RMSC. The RMSC comprises representatives from the Board of Directors and Group Managing Director who are guided by formalised risk reporting and operational feedback provided by the Risk Management Department. The overall risk reporting process is conducted quarterly with emphasis on three key focus areas: • Risk Register - encompassing significant and potential risks; • Risk Rating - recording changes in risk status upon the implementation of mitigation measures; and • The Group Risk Profile - highlighting significant risks and mitigating controls pertinent to the operations of the Group. Throughout the financial year, any significant risks highlighted by the respective Head of Departments within the organisation are monitored and analysed by the Risk Management Department and reported to the RMSC for their deliberation and management decision. The Board endorses a clear and defined risk organisation structure that outlines key responsibilities held by respective groups as defined below: Board of Directors Risk Management Committee Risk Management Department Head of Departments Risk reporting Risk control, monitoring, reporting Risk identification, assessment, prioritisation Risk Management Process Roles and Responsibilities Board of Directors • Identify principal risks and ensure implementation of appropriate systems to manage these risks • Determine the risk management policy • Approve risk management philosophy; and • Communicate with external shareholders and other stakeholders and review the risk profile of the Group Risk Management and Sustainability Committee (“RMSC”) • Review and recommend risk management strategies, policies and risk appetite/ tolerance for board’s approval • Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring and controlling risk and the extent to which these are operating effectively; and • Review management’s periodic Group Risk Profile reports on risk exposure and risk management activities Risk Management Department • Review adequacy and effectiveness of risk management process and system; • Review and present to the RMSC the broad terms risk guidelines and risk appetite of the Group quarterly • Review identified key risks of the Group’s operations • Report to the RMSC on material and pervasive findings which exceeded the risk appetite • Guiding the Business/Operations Head in identifying, evaluating and managing key risks; and • Monitor progress of action plans to address key risks identified Risk owners (Head of Department/ Head of Divisions) • Implement the risk management processes approved by the Board • Submits quarterly updates via the risk register to the Risk Management Department to be presented to the RMSC for review and evaluation; and • Identify potential and actual risks associated with their respective process; highlights the risk in the risk register and makes appropriate recommendations and controls to mitigate the risk 212 ANNUAL REPORT 2024
RkJQdWJsaXNoZXIy NDgzMzc=