Yinson Integrated Annual Report 2026

YINSON HOLDINGS BERHAD

RISK GOVERNANCE & OVERSIGHT

The Governance, Risk Management and Compliance (“GRC”) Department is responsible for coordinating the implementation and continuous enhancement of the Group’s ERM Policy Statement and Framework. GRC facilitates risk identification and assessment processes across the Group, consolidates risk reporting from the businesses, monitors key risk indicators, and provides oversight and independent challenge to management to ensure risks are managed within the approved risk appetite.

Additionally, the GRC Department reports key risk issues to the MSC and escalates them to the BRSC for deliberation at Board level. This structured reporting ensures that the Board receives comprehensive, accurate and timely information on the Group’s principal and emerging risks.

The Group’s risk governance structure clearly delineates accountability for risk ownership within the business, while GRC provides coordination, oversight and reporting functions. This framework supports consistent application of risk management practices across the Group and enables effective risk identification, monitoring and escalation.

The AC oversees the coordination and engagement with internal and external assurance providers to validate the effectiveness of internal controls and identify areas for improvement.
[Figure: Lines of Defence, Governance Structure and Description]

Lines of Defence: First Line of Defence; Second Line of Defence; Third Line of Defence; External Assurance Providers

Governance Structure: Board of Directors (Board); Board Risk & Sustainability Committee (BRSC); Audit Committee (AC); Internal Audit; Management & Sustainability Committee (MSC); Group Chief Financial & Strategy Officer (GCFSO); Group Governance, Risk & Compliance (GRC); Business Unit’s Advisory Board; Risk Owner; Risk Coordinator; Yinson Production; Yinson Renewables; Yinson GreenTech; Corporate

Description:
• Monitor ERM Policy implementation, risk reporting and action plans
• Assist MSC in managing risk related measures or concerns
• Monitor and report all risks to the MSC
• Governance of ERM Policy and Strategy, provide oversight and ensure establishment of ERM processes
• BRSC – Oversee and approve company-wide risk management and sustainability practices
• AC – Provide objective view and independent report on effectiveness of ERM and internal control system to the Board
• Internal Audit (“IA”) – Provide independent Audit Report on ERM and internal control effectiveness
