AL-SALAM REIT ANNUAL REPORT 2023

RISK MANAGEMENT

The Board Audit and Risk Committee

The review of the effectiveness of risk management and internal control is carried out at least quarterly. The board delegates its role in the review process to the BARC, which is chaired by an Independent Director who is also a member of the Malaysian Institute of Accountants and the Malaysian Institute of Certified Public Accountants. The board as a whole is committed to and responsible for the execution of the delegated role of the BARC, primarily related to the outcome of the review and disclosure of key risks and internal control.

The main responsibilities of the BARC are:

• To assist the Board in ensuring a sound and robust Enterprise Risk Management framework and its implementation to enhance risk-based Corporate Governance practices. The Terms of Reference and main duties of the BARC concerning risk management are detailed on the website at www.alsalamreit.com.my.
• To assist the Board in assessing the effectiveness of the Group’s internal control systems and overseeing the financial reporting. The BARC also reviews the adequacy and integrity of the Group’s internal control systems and management information systems, including compliance with applicable laws, rules, directives, and guidelines through internal audit functions.

The BARC, with the Board Investment Committee and after deliberation with the Management, also sets the risk appetite parameters revolving around key risk areas: Strategic, Finance, Operations, Compliance, Market, Partnerships, and ESG (Environmental, Social, and Governance) Risks.

The Enterprise Risk Management Committee

The ERMC supports the BARC in carrying out its oversight role. The ERMC ensures implementation and compliance with the Enterprise Risk Management Frameworks, enterprise risk management programmes, and monitoring of risk mitigation performance.
The ERMC also sets the strict direction for risk roles, responsibilities, and risk reporting structures within the organisation. The ERMC meeting is chaired by the CEO and comprises the respective heads of departments and/or Risk Owners. The function of the ERMC is to drive risk management guided by the ERM Policy and Framework to ensure effective identification of emerging risks and management of identified risks through the implementation of appropriate controls and risk treatment strategies. Discussions relating to risk management and risk profiles are carried out through the ERMC, which sits every quarter.

Apart from focusing on risk management and external/internal audit matters, the ERMC also monitors Business Continuity Management Issues and Whistle-blowing channels. To ensure transparency and objectivity concerning whistle-blowing and fraud detection, all reports will be channelled directly to the Integrity Officer and the Chairman of the BARC.

The ERMC and the BARC, when reviewing the management reports, assess the following:

• Consider what the significant risks are and assess how they have been identified, evaluated and managed;
• Assess the effectiveness of the related system of internal control in managing the significant risks, having regard in particular to any significant failings or weaknesses in internal control that have been reported;
• Consider whether necessary actions are being taken promptly to remedy any significant failings or weaknesses;
• Consider whether early warning indicators are in place to alert management of potential risk events and whether these indicators have been effectively communicated throughout the company;
• Assess whether management’s processes provide reasonable assurance that significant risks which impact the company’s strategies and objectives are within levels appropriate to the company’s business and approved by the board;
• Consider whether the findings indicate a need for more extensive monitoring of the system of risk management and internal control; and
• Evaluate the possibility of emerging risks likely to happen in the future and the need to put in place the appropriate controls.

The ERMC makes periodic reports to both the BARC risk management issues/mitigation actions undertaken to keep the BARC apprised and advised of all aspects of the enterprise risk management, and significant risks and risk trends.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS
