AL-SALAM REIT ANNUAL REPORT 2023

The ERM Framework is communicated, integrated, and cascaded to all levels, and each plays its role in managing risks concerning business processes in the areas of Strategic Planning, Budgeting, Policy Development, Acquisitions/Investment and Asset Disposals, Performance Management, Building and Asset Management, Integrity, ESG and Business Continuity Management.

The diagram below shows the process to be undertaken in preparing a Risk Profile:

[Diagram: Scope, Context, Criteria; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication & Consultation; Monitoring & Review; Recording & Reporting]

The processes involved in the ERM are summarised below:

Risk Identification : Finding, recognising, and describing the risks that could affect the achievement of an organisation’s objectives. During the risk identification process, it is important to identify the risks associated with not pursuing an opportunity.

Risk Analysis : Risk shall be analysed and assessed to determine the Risk Rating. The risk analysis should start with determining the root causes/sources of risk, assessing the likelihood and impact to produce a Gross Risk Rating (the risk rated before any preventive/recovery measures are implemented).

Risk Evaluation : Risk evaluation involves the exercise of determining the existing key controls on the identified risk, defining the existing Control Effectiveness and the likelihood and impact to produce the Residual Risk Rating. All risk profiles will be rated based on two parameters: the likelihood that the risk will occur × the impact that it has on the business. Ratings of the risks will be tabulated to produce a heat map.

Risk Action Plan/Mitigation Plan : The Risk Mitigation Plan identifies the parties responsible and the timeline for the plan implementation.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS
