158 AL-SALĀM REIT ANNUAL REPORT 2023 (d) Policies & Frameworks Documented policies and procedures are also in place subject to review every now and then to ensure that it maintains their effectiveness to support the REIT’s business activities. The Manager has revised the following policies and frameworks in the year under review: - The Limit of Authority ("LOA") Manual: The policy was reviewed by the Management and tabled & approved by the Board of Directors on 18 April 2023. - ERM Policy & Framework: The policy was reviewed by the Management and tabled to the BARC on 17 August 2023 and approved by the Board of Directors on 1 June 2023. - Procurement Policy: The policy was reviewed by the Management and tabled to the BARC on 16 November 2023 and approved by the Board of Directors on 30 November 2023. - Investment Policy: The policy was reviewed by the Management and tabled to the BARC on 16 November 2023 and approved by the Board of Directors on the 1 of December 2022. (e) Digitalisation ICT Policy & Compliance The REIT Manager adheres to JCorp Group policy and adopts the JCorp digitalisation and IT strategy, approach and digital maturity roadmap. The Internal ICT audit and system are monitored reviewed yearly to ensure compliance and standard operating policy and procedures. Business Continuity Management & Disaster Recovery Plan The annual testing on data recovery is undertaken annually, and the results are monitored and presented by the appointed outsourced service provider at the Management Committee Meeting and the BARC. Risk-related issues, if any would be escalated to the Board and the regulatory bodies immediately. Cybersecurity & Awareness As part of prevention activity, the JCOrp Group has conducted an overall assessment, i.e. penetration test, on the ICT systems (hardware and software) and from the results with recommendations, measures have taken place to proactively monitor, prevent, contain and recover from vulnerabilities. ICT awareness campaign was also implemented through education and announcements, to make business users cautious about hackers. (f) Monitoring of Operational Performance and Financial Targets Strategic Planning and Mid-year Review The Strategic Planning and Mid-year Review are prepared by the Manager on an annual basis and tabled to a special Board meeting for approval. Analysis and reporting of variances against budget are presented to the Board and the Trustee quarterly, which form part of the monitoring mechanism and mitigation of any risk/ fallback from the financial targets. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS
RkJQdWJsaXNoZXIy NDgzMzc=