AL-SALAM REIT ANNUAL REPORT 2023

CORPORATE GOVERNANCE STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS

The governance structure dictates the segregation of the roles and responsibilities of the Board, BARC, the ERMC and other key personnel, which are summarised below:

The Board also carries out an annual assessment of risk management and internal control on all significant aspects of risks and internal control of the REIT in its Strategic Planning report, particularly on:

• The nature and extent of significant risks, in the current and upcoming years;
• The company's ability to respond to changes in its business and the external environment;
• The work of its internal audit and risk management (where applicable) units and other assurance providers;
• The incidence of significant control failings or weaknesses that were identified at any time and their impact on the company's performance or condition (financial or otherwise);
• Any events that impacted the achievement of objectives that were not anticipated by management; and
• The adequacy and effectiveness of the risk management and internal control policies as a whole.

The Board and the BARC

Responsibilities
Governing overall risk oversight responsibility including defining the appropriate governance structure and risk appetite.

Process
• Articulates and provides direction on risk appetite, organisational control environment and risk culture.
• Provide an independent view on specific risk and control issues, the state of internal controls, trends and events

Internal Audit

Responsibilities
• Provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively.
• Assurance about design and effectiveness

Process
Perform risk-based internal audit and independent reporting to Management and BARC

ERMC/Compliance & Risk Management Department

Responsibilities
• Oversees the operationalisation of risk management strategies as well as frameworks and policies.
• Independent reporting to the management and BARC
• Advisor to Business Line Management/Risk Owners

Process
Monitors the consistent enforcement of ERM policy, reviews and endorses risk parameters, risk appetite, risk profile, and treatment options and risk action plans.

Business Line Management/Risk Owners

Responsibilities
• The Senior Management is primarily responsible for managing process,
• They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control
• Manage day-to-day risk inherent in business activities as guided by the established risk strategies, frameworks, and policies

Process
Identification and assessment of risk, implementation, and monitoring of risk action plans.
