2022 UEM Edgenta Annual Report

UEM EDGENTA BERHAD INTEGRATED ANNUAL REPORT 2022
GOVERNANCE
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The Group adopts the following risk rating matrix to articulate the relationship between risk impact and likelihood:

Risk Rating (rows: Likelihood; columns: Risk Impact)

| Likelihood | Insignificant | Minor | Moderate | Major | Catastrophic |
|---|---|---|---|---|---|
| Certain | Medium | Significant | Significant | High | High |
| Likely | Medium | Medium | Significant | Significant | High |
| Possible | Low | Medium | Medium | Significant | High |
| Unlikely | Low | Medium | Medium | Significant | Significant |
| Remote | Low | Low | Medium | Medium | Significant |

e. Risk Response

Risk treatment involves developing a range of responses and options for mitigating the risks. The Group adopts the 4Ts (Take, Treat, Transfer & Terminate) strategy in responding to the identified risks and qualifies these risks according to the acceptable levels by the relevant risk owners and stakeholders.

- TAKE: Intentionally taking risk due to inherent/unavoidable risk or to pursue/sustain higher returns, with informed approval by the appropriate level
- TREAT: Mitigation plans established to reduce the likelihood & impact
- TRANSFER: Transfer the risk by moving the risk to a third party, but accountability still resides with Risk Owners
- TERMINATE: Avoidance by not proceeding or continuing with a particular activity, or seeking alternative means to achieve the objective

f. Monitor, review and report risks

Risk events and trends are to be continually reviewed, assessed and monitored. Similarly, risk responses are monitored continuously to ensure that risk responses and mitigations remain relevant and are operating as designed and expected.

g. Communication

Communication is required for an effective risk management programme. Changing business conditions continuously alter the risk profile of the Group and/or business; hence, frequent and explicit conversations about risk are vital to maintain continued awareness and management of key risks.

Summary of Risk Management Activities

Risk management activities undertaken for the financial year at the Group and subsidiaries to instil a proactive risk management culture and ownership are as follows:

- Periodic risk awareness briefings and risk management workshops are conducted as continuous efforts to inculcate a proactive risk-aware culture within the Group.
- Risk Management Status Reports are produced quarterly at the minimum and are presented to the RMC, BGRC and Board for deliberation and approval.
- Quarterly review and monitoring of the implementation of risk action plans by RICD to ensure appropriateness and effectiveness.
- Identification and reporting of emerging, key business risks and mitigation plans to the RMC, BGRC and Board for deliberation and approval.
- Provides risk management consultation and advisory services to projects, investment and potential business leads.

Integrity & Compliance

Integrity & Compliance are the foundation and values in our day-to-day decision-making and business practices. UEM Edgenta is committed to upholding its integrity and compliance values in carrying out its business operations. The Group has embarked on the journey to obtain the international accreditation of MS ISO 37001:2016 Anti-Bribery Management System (ABMS) as a testament to our zero tolerance against corruption.

In line with the regulatory requirements, UEM Edgenta has adopted best practices and has the following framework, policy & procedures in place:

Code of Conduct for Directors and Employee
UEM Edgenta’s Code of Conduct for Directors and Employee expresses our commitment to build trust in our business ecosystem, and it outlines ethical behaviour standards in our business activities, accompanied by important policy statements.

Code of Conduct for Business Partners (“COCBP”)
UEM Edgenta’s Code of Conduct for Business Partners sets the expectations for our dealings with this key stakeholder group.

Business Partner’s Letter of Declaration (“BPLOD”)
The Business Partner’s Letter of Declaration has been established to maintain a high standard of integrity in our business operations and ensure business partners embrace the spirit of commitment to integrity and high ethical standards as set out in UEM Edgenta’s Code of Conduct for Business Partners.

Compliance Framework
The framework aims to establish and embed the culture of ethics and integrity, consistent with the values of the organisation, and promote the culture of commitment to lawful and ethical behaviour.

Third-Party Risk Management Framework
This framework is to safeguard the interests of stakeholders by ensuring that third-party risks are adequately and properly managed to mitigate the impact on the reputation, operations, and financials of UEM Edgenta. Compliance checks include:
- Evaluation of the Third-Party’s governance, values, code of conduct, anti-corruption programme and policies
- Checks of evidence of good practice compliance

Anti-Bribery & Anti-Corruption (“ABAC”) Policy Statement
At UEM Edgenta, we strive to uphold our core values and to present ourselves with integrity, ethics, and accountability as essential components which the Company and its employees must harness at both professional and personal levels.

Anti-Bribery & Anti-Corruption (“ABAC”) Guide
UEM Edgenta takes a zero-tolerance approach to bribery and corruption and is committed to adhering to the highest standards of ethical behaviour in the conduct of all its business dealings and relationships. This is an essential guide to manage bribery and corruption risk.
