Al-`Aqar Healthcare REIT Annual Report 2023

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS

INTERNAL CONTROL SYSTEMS (CONT’D)

The REIT Managers’ practice of strong internal control is guided by the model of “Three Lines of Defence” as shown below:

[Figure: Three Lines of Defense. Labels: Board, Board Committees, Control, Assurance.]
- First Line of Defence: Senior Management. Own, manage and control risk by implementation of necessary internal control.
- Second Line of Defence: Risk Management, Compliance & Integrity Functions. Coordinate, facilitate and oversee the effectiveness of the risk management and internal control activities.
- Third Line of Defence: Internal Audit. Provide independent assurance on the effectiveness of the risk management and internal control activities.

1st Level of Defence: Business Line Management
- The Senior Management, who are also Heads of Departments and members of the ERMC, form the 1st line of defence, primarily responsible for managing processes.
- They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control

2nd Level of Defence: Risk Management
- Responsible for setting ERM Frameworks
- Independent reporting to management and BARC
- Advisor to 1st line

3rd Level of Defence: Internal Audit
- Assurance about design and effectiveness
- Reporting to Management and BARC
- Advisory role to improve process

Key Features of Internal Control

The key elements and/or features of the internal control system established for maintaining strong corporate governance are as follows:

(a) Organisation Structure and Reporting Lines

The organisation structure and delegation of responsibilities are communicated across all levels, from the Board to the project/risk owners in the organisation, which set out, amongst others, authorisation levels, segregation of duties and other risk and control procedures.
