AL-SALAM REIT ANNUAL REPORT 2021

SECTION 5 CORPORATE GOVERNANCE

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

Enterprise Risk Management (ERM) Policy & Framework

In order to achieve a sound system of risk management and internal control, the Board and management ensure that the risk management and control framework is embedded into the culture, processes and structures of the company. The framework was designed to be responsive to changes in the business environment and is clearly communicated to all levels. The Manager plans and executes activities to ensure that the risks inherent in its management of the Fund are identified and effectively managed, so as to achieve an appropriate balance between realising opportunities for gains and minimising losses to the Fund.

The Board adopted the enhanced Enterprise Risk Management ("ERM") Framework. The ERM Policy & Framework has been enhanced with the Group's risk profiles being updated and action plans formulated and monitored, focusing on principal business risks. It also identifies the ERM reporting structure and frequency of reporting, the responsibilities of the Board Committees for ERM and the key elements of the risk assessment process, and specifies the level of risk tolerance expressed through the use of a risk consequence and likelihood matrix. Identified key risks of the Group were assessed and recorded in the risk profiles. The risk owners are to monitor and update their risk profiles in a timely manner on an on-going basis.

The update of the risk profiles includes changes to operational, financial and compliance risks and the identification of emerging risks arising from changing business conditions, as well as the adequacy and effectiveness of the related controls. Advice from the Risk Management Department, the ERM Committee and the BARC is incorporated into the risk profiles as a means of improving the mitigation plans that address residual risks. Being a REIT, the Fund inherently faces key risks such as acquisition risks and capital management risks, which include the management of gearing levels, alternative means of funding the expansion of the property portfolio and fund growth, and ensuring optimisation of returns to unitholders.

The ERM process evaluation is undertaken by the ERM Committee every quarter to assess and evaluate risks that may impede the Group from achieving its strategic and operational objectives, as well as to develop action plans to mitigate such risks and to monitor mitigation performance. The results of the risk updates were deliberated at the BARC meetings, covering the root causes, existing controls, severity, impact and action plans to address the top risks of the organisation. The updated risk profile was used as a basis to develop a risk-based internal audit plan for the financial year ended 31 December 2021, which was approved by the BARC. Results of the risk review were then reported to the Board for endorsement and approval.

On 15 November and 2 December 2021, the BARC and the Board approved the revision of the ERM to include a more detailed designation of risk management responsibilities across the ERM reporting structure. The designation of responsibilities adopts the three lines of defence model by the IIA. The revised ERM reporting structure and designation of responsibilities is as below:

[Figure: Adapted model of Three Lines of Defence (The Institute of Internal Auditors, 2013). Oversight: Governing Body / Board / Audit Committee; Senior Management. 1st Line of Defense: Management Controls, Internal Control Measures. 2nd Line of Defense: Financial Control, Security, Risk Management, Quality, Inspection, Compliance. 3rd Line of Defense: Internal Audit. External assurance: External audit, Regulator.]
