p.75 1 2 3 4 5 6 7 8 9 MANAGEMENT DISCUSSION & ANALYSIS p.74 UEM EDGENTA BERHAD INTEGRATED ANNUAL REPORT 2022 RISKS AND MITIGATION RISKS AND MITIGATION Context • A sizeable portion of our businesses is in concessions, especially Healthcare Support and Infrastructure Services, and is subject to a broad range of rules and regulations • Potential exposure to non-compliance and litigation due to the Group’s geographical diversity of its business and customers • Adherence to good corporate governance practices, regulatory and listing requirements in upholding integrity throughout our business undertakings and proceedings • Any adversity could result in the suspension of a necessary authorisation, license, and/ or rights. Lack of regulatory certainty impacts our operations, reputation, and investment decisions Mitigation • The Group has put in place service-level agreements and contracts to govern contractual agreements with its customers, contractors, and vendors • Regular review assessments are undertaken to ensure compliance at all times, with continuous updates on policies and procedures to ensure adequacy, effectiveness, and relevance • Instil a culture of integrity and compliance within the organisation, with the enforcement of internal processes to operations • Maintain close collaboration with regulatory bodies on emerging legal and regulatory requirements and industry standards and practices • Have put in place appropriate Whistleblowing channels as an avenue for employees, stakeholders, and members of the public to report any actual or suspected malpractice, misconduct, or violation of the Group’s policies and procedures Context • Our people are one of our greatest assets and key pillars of success for the Group as it underpins our ability to implement the Group’s strategies and deliver the required services and deliverables to our customers and stakeholders Mitigation • Establish an Employee Value Proposition to offer the best experience for our employees in exchange for productivity and high performance. We don’t only hire the right talent, but also retain the best talent by continuously benchmarking against competitive industry practices • Succession planning framework and plan in place to identify and develop appropriate talents for mission-critical positions • Continuous training and development programs to be undertaken by Edgenta Academy to upskill and reskill our people, and equip them with new skills and knowledge Risk Description Compliance risks relate to the potential of a breach of any laws and/ or non-adherence with any regulatory requirement. Non-compliance may impact the Group’s business operations, legal and regulatory penalties, financial implications, and reputational damage. Risk Description Obtaining and fostering an engaged and talented team that has the knowledge, training, skills, and experience to deliver our strategic objectives is vital to our success. Difficulties in attracting, integrating, and retaining talents and competencies required may impact UEM Edgenta’s sustainable growth and performance. Context • O rganisation-wide, we see technology as a key enabler and the biggest game changer which will allow UEM Edgenta to productise existing technology solutions, develop digital healthcare support, optimise resources, reduce costs, increase productivity and improve our offerings for better customer and operational outcomes • D ue to the growing connectivity of our systems, there is an increasing risk of exposure to cyber threats, malicious threats to corporate cloud networks, breaches of information security, compromised data integrity and privacy and prolonged disruption of UEM Edgenta’s IT ecosystem Mitigation • Continuous monitoring and strengthening of IT security measures via cybersecurity solutions covering the network, application, information, end-user and data security. This includes the enhancement of cloud security, monitoring of critical information, security control (utilising infrastructure security protection solutions via firewall, antispam/virus, vulnerability assessment, penetration tests, and etc). • Regular awareness and constant updates related to cyber threats are provided to all employees to instil the importance of cybersecurity • Disaster Recovery Plan put in place to ensure continuity of key business operations in the event of information and communications technology failure such as malicious activities, cyber-attacks, malware or major equipment malfunction Risk Description Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts to Edgenta’s operations (i.e., mission, functions, image, or reputation). Cybersecurity risk is linked to the Group’s expansion and growing footprint into the IT environment and digitalisation, increased reliance on the internet as well as increased instances of remote/offsite network access. Context • E SG programmes and disclosure have become increasingly important with stakeholders emphasising on disclosures related to environmental responsibilities, fair wages, health and safety practices, diversity, and corporate governance • T his has resulted in the Group’s concern on ESG matters and its continuous upholding and compliance of these ESG values as a good corporate citizen Mitigation • The Group has put in place a Sustainability Policy, Sustainability Governance Structure and Sustainability Roadmap to ensure the philosophy of sustainability is embraced and incorporated into Edgenta’s operations and activities and the way we deliver our products and services • Ongoing compliance with existing ESG requirements, with continuous monitoring of and adherence to changes in these ESG requirements and policies • Periodic review assessments are undertaken to ensure ESG compliance at all times, with continuous updates on policies and procedures to ensure adequacy, effectiveness, and relevance • Regular engagement with stakeholders across our value chain to understand our material matters, risks, and threats allowing UEM Edgenta to formulate ways and implement initiatives to mitigate these issues • Continuous communication and awareness by fostering conscientious and responsible ESG behaviour among employees, clients, and vendors at all levels Risk Description Investors today have increasingly shifted their attention towards the ESG factors to assess the sustainability and risk profile of companies. ESG considerations can have a range of impacts on an organisation’s financial performance and underlying shareholder value. Researchers found a positive correlation between financial performance and strong corporate ESG policies and practices. ESG risks are those uncertainties and threats to continual improvement of business strategies and operations to sustain growth, trajectory, and long-term resource availability in our value chain through ESG matters. UEM Edgenta’s non-compliance on ESG-related matters may lead to loss of revenue/market share due to a shift in customer preference, loss of investors’ and rating agencies’ confidence, financial penalties from enforcement agencies, and negative brand perception and publicity. COMPLIANCE RISK PEOPLE RISK 4 5 6 CYBERSECURITY RISK 7 ESG RISK
RkJQdWJsaXNoZXIy NDgzMzc=