156 AL-SALĀM REIT ANNUAL REPORT 2023 INTERNAL CONTROL SYSTEMS The Board and Management are committed to maintaining an effective internal control environment by continuously enhancing the design of internal control systems to ensure that they are relevant and effective to promote operational agility while ensuring corporate governance and compliance with regulatory guidelines. The internal control policy is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations The REIT Managers’ practice of strong internal control is guided by the model of “Three Lines of Defence” as shown below: 1st Level of Defence: Business Line Management - The Senior Management, who are also Head of Departments and members of the ERMC forms the 1st line of defence, primarily responsible for managing processes. - They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control. 2nd Level of Defence: Risk Management Department and ERMC - Responsible for setting ERM Framework and setting of risk appetite/tolerance level - Independent reporting to the CEO and ERMC - Advisor to 1st line ASSURANCE Second Line of Defence First Line of Defence Third Line of Defence Head of Departments, Project Leader, Risk Owners Risk Management, Compliance & Integrity Functions, ERMC Internal Audit, BARC Own, manage and control risk by implementation of neccessary internal control Coordinate, facilitate and oversee XLI IδIGXMZIRIWW SJ XLI VMWO management and internal control activities Provide independent assurance SR XLI IδIGXMZIRIWW SJ XLI VMWO management and internal control activities Control Three Lines of Defence BOARD BOARD COMMITTEES STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS
RkJQdWJsaXNoZXIy NDgzMzc=