Al-`Aqar Healthcare REIT Annual Report 2020

AL-`AQAR HEALTHCARE REIT Annual Report 2020 90 Statement on Risk Management and Internal Control Introduction Pursuant to Paragraph 15.26 (b) of the Listing Requirements and the Malaysian Code on Corporate Governance 2017 (“MCCG 2017”) with regards to the Manager’s/Fund’s state of internal control, the Board of Directors (“Board”) is pleased to present below the Statement on Risk Management and Internal Control during the financial year under review and up to the date of approval of this statement, prepared in accordance with the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers (“Guidelines”) which was by the Institute of Internal Auditors Malaysia and adopted by Bursa Malaysia Securities Berhad and taking into consideration the recommendations of the MCCG 2017. Board’s Responsibility The Board affirms its responsibility for the Fund’s system of risk management and internal control which includes the establishment of an appropriate internal control environment and risk management framework as well as reviewing its adequacy and effectiveness to safeguard shareholders’ investments and the Fund’s assets. The system has been put in place is to ensure that risks and their corresponding mitigation plans are effectively managed, monitored and reviewed effectively. These are done through periodical reports to the established committees through which the Board discharged its duties. Risks that are critical to strategic and business objectives are escalated to the Board level to provide reasonable assurances against material misstatement or loss. The Board has received assurance from the Chief Executive Officer, Head of Finance and the Head of Compliance and Risk Management Department that the risk management and internal control system is operating adequately and effectively, in all material aspects. Enterprise Risk Management (ERM) Framework In order to achieve a sound system of risk management and internal control, the board and management ensure that the risk management and control framework is embedded into the culture, processes and structures of the company. The framework was designed to be responsive to changes in the business environment and clearly communicated to all levels. The Manager plans and executes activities to ensure that the risks inherent in its management of the Fund are identified and effectively managed to achieve an appropriate balance between realizing opportunities for gains while minimizing losses to the Fund. The Manager has first established an Enterprise Risk Management Framework (“ERMF”) in 2018 which sets out the risk management governance, guidelines, processes and control responsibilities and underpins the Enterprise Risk Management Policy (“ERM Policy”). It seeks to ensure that there is a consistency to the methods used in managing risks throughout the organisation, both at the strategic and operation level and to ensure that the risk management efforts are aligned with the Fund’s business objectives. It also outlines enhanced and explicit requirements for managing risks and assists in understanding the impact of uncertainties inherent in business decisions especially impacts relating to the COVID-19 outbreak and the MCO in business operations and strategic direction. Further revision was made in 2019 to incorporate a new Earnings per Unit threshold in risk appetite/risk tolerance. The third revision of the ERMF was presented during the Board of Director’s meeting dated 25 November 2020 and duly approved. The latest revision tightens the risk management processes by adding a mitigation performance parameter, the timeline and the recommendations/assessment of the risks by the CRMD Department. In addition to the above improvement, the Board has also approved the setup of BARC, which is chaired by an Independent Director and comprises of another Independent Director and one Non-Independent Directors. The BARC is put in charge of the following roles and responsibilities: (a) Provide guidance and advice on appropriateness of risk treatment option selected and risk action plans development; (b) Articulate and challenge risk ratings, control effectiveness, risk treatment options and risk action plans identified by risk owners; and (c) Provide an independent view on specific risk and control issues, the state of internal controls, trends and events.

RkJQdWJsaXNoZXIy NDgzMzc=