Datasonic Group Berhad Annual Report 2023

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The key features of the Group’s risk management and internal control system are the three lines of defence model, with established functional responsibilities and accountabilities for the management of risks and internal controls of the Group, as depicted below:-

FIRST LINE OF DEFENCE
• Own, manage and control risks by implementation of internal controls in the business operations and activities.
• Provided by the Executive Directors, Management and Heads of Department.

SECOND LINE OF DEFENCE
• Coordinate and facilitate risk management activities routinely among the various business units and/or support & administration functions, including monitoring progress of risk mitigation plans.
• Provided by Risk Management function.

THIRD LINE OF DEFENCE
• Performs regular reviews of the Group’s operations and system of internal controls and risk management. Provides independent assurance on the adequacy and effectiveness of the control processes implemented by business process owners and Management.
• Provided by the Internal Audit Department.

RISK MANAGEMENT

Risk Management Framework and Activities

The Group’s risk management framework and methodology are guided by the ISO 31000 Risk Management - Principles and Guidelines, represented in brief as follows:-

[Figure: risk management process. Establish Context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication and Consultation; Monitoring and Review]

Additionally, the Standard Operating Procedures (“SOP”) governing risk management processes and reporting procedures are in place to support and outline the policies and procedures for the implementation of the ERM Framework. The efforts to implement formal risk management reviews and reporting as outlined in the ERM Framework continued to improve on a progressive basis and are on-going.
