AL-SALAM REIT ANNUAL REPORT 2021

01 Usage of Microsoft 365 cloud storage
02 IT disaster recovery plan, drills and data recovery testing
03 Utilisation of VPNs to protect network connections
04 Installation of Acronis as a data backup

SECTION 4 SUSTAINABILITY STATEMENT

The initiatives taken to ensure compliance with applicable laws and regulations are communicated internally through management meetings, announcements and briefings, and externally through Annual General Meetings, analyst briefings, the REIT’s corporate website and annual reports. All queries are directed to a designated person via email. In the year under review, the REIT is pleased to disclose that no incidents of non-compliance have been recorded.

In the Three Lines of Defence model, business line management is the first line, risk management is the second and internal audits are the third.

Risk Management

Managing risks appropriately is crucial for long-term strategy planning and future-proofing the business as a REIT. Risk management within the REIT falls under the purview of the Board Audit and Risk Management Committee (“BARC”), which is assisted by the Enterprise Risk Management Committee (“ERMC”). These committees are mainly responsible for ensuring risk management is integrated in the Manager’s day-to-day operations, and identifying risk parameters, appetite, profiles, treatment options, action plans and indicators.

As per the Enterprise-Wide Risk Management (“ERM”) Policy and Framework, the Manager reviews risks on a quarterly basis. All findings are compiled in a detailed risk register where the main risk categories are strategic, financial, operational, compliance, IT and integrity risks. In the year under review, the Manager has decided to update the ERM Policy and Framework, effective 2 December 2021.
The updates have considered MCCG’s emphasis on ESG-related risks, internal changes to the governance structure, standard operating procedures (“SOPs”), the timely execution of mitigation plans and establishment of the Three Lines of Defence model. The Manager also aims to adopt an ESG Risk Profile in the first quarter of FY2022.

Corporate Governance and Business Ethics

Day-to-day processes are governed by internal SOPs which address business development, internal controls, risk management, compliance, IT, talent management, finance and operations. The values, principles and expectations of professional conduct within Al-Salām REIT are further upheld through the Manager’s Code of Conduct and Business Ethics (the “Code”). The Code contains clear guidelines on how employees and associates are expected to behave, as well as the disciplinary actions in the event of non-compliance. The Code is complemented by policies such as the Whistleblowing Policy and the Anti-Bribery and Anti-Corruption Policy (“ABAC Policy”) and Manual. These policies and procedures are communicated to employees via email, briefings, training sessions and posters.

Risks are communicated to employees and risk owners during briefings and training programmes. Risk owners are specified at the Risk Identification stage and are responsible for reporting the progress of mitigation plans at weekly Management Committee meetings. To ensure efficient communication of risks and mitigation plans, the ERMC conducts quarterly meetings. In FY2021, the Manager conducted training on Risk Profiling in February, and held a risk refresher workshop in August.

To manage the risks posed by the pandemic, the Manager has implemented various business continuity measures, particularly in relation to digital transformation.
