MISC Integrated Annual Report 2020

The Board is pleased to provide this Statement on Risk Management and Internal Control pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (MMLR) of Bursa Malaysia Securities Berhad (Bursa Securities) and as guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers. The following statement outlines the nature and scope of risk management and internal controls within MISC Berhad (MISC or Company) and its subsidiaries (Group or MISC Group) during the financial year ended 31 December 2020 (FY2020). STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL ACCOUNTABILITY OF THE BOARD The Board is responsible for establishing and maintaining a sound risk management and internal control framework with the objective of safeguarding the shareholders’ interest and the Group’s assets, as manifested in the Malaysian Code on Corporate Governance 2017 (MCCG 2017). The Board recognises its principal responsibility to regularly review the adequacy and effectiveness of the risk management and internal control framework. By implementing a sound risk management and internal control systems, it helps the Group to achieve its performance and profitability targets for better decision making whilst managing the risks. In discharging its responsibilities, the Board is supported by MISC’s Board Audit and Risk Committee (BARC) to oversee the risk management and internal control systems during the FY2020. During the year under review, the BARC was further supported by the MISC Risk Management Committee (RMC), which comprises Management Committee (MC) members and Heads of Divisions, to reflect the prominence and focus by management on the oversight of the internal control systems and risk management of the MISC Group. The Board, via BARC, periodically reviews the efficiency and effectiveness of the Group’s internal control systems to ensure viability and robustness of the system. Group Internal Audit (GIA) with its risk-based approach supported the BARC in ensuring that the said internal control systems are in place and effective in dealing with risks during the year under review. Effective 1 January 2021, the Group’s risk management functions will fall under the purview of newly established Board Governance and Risk Committee (BGRC), a standalone board risk committee. Pursuant to the establishment of BGRC, the BARC was renamed as Board Audit Committee (BAC). The oversight of the internal control framework will be retained under the BAC. For more information on the BGRC’s and BAC’s responsibilities, please refer to their respective reports on pages 282 to 289 (for BAC) and pages 290 to 293 (for BGRC) of this Integrated Annual Report. In view of limitations inherent in any process and that risks cannot be eliminated completely, the Group has in place, a system of internal control and risk management designed to manage rather than eliminate the risks that may impede the Group from achieving its objectives. Therefore, it can only provide a reasonable, but not an absolute assurance against material misstatements or losses or the occurrence of unforeseeable circumstances. Thus, the Board adopts a cost-benefit approach to ensure that the expected returns outweigh the cost of risk mitigation. RISK GOVERNANCE STRUCTURE The Group’s risk governance structure facilitates the flow of information and effective oversight on the implementation of risk management practices across our businesses. Risk management activities are undertaken at corporate and business and services units/subsidiary levels and risk reports are reviewed by the RMC prior to deliberation at the BARC. Each appointed and dedicated risk focal person has the responsibility for risk management activities in their respective department to ensure consistent implementation of risk management processes across the Group. The RMC was established to review and monitor the Group’s risk management practices. It is primarily responsible for driving the implementation of the risk management framework and acts as the central platform for the Group. Responsible for overall oversight of MISC Group risk management system and activities Reviews the adequacy and effectiveness of MISC’s Risk Management Framework and on-going activities for identifying, evaluating, monitoring and mitigating risks Reviews the Group’s risk tolerance level Provides a reasonable level of assurance to the BARC that the Group’s risks are being managed appropriately Responsible for implementing risk management processes at respective units Board of Directors Corporate Planning (CP) Reviews and monitors risk reporting quarterly RMC secretariat BARC RMC Risk owners Business unit/ Service unit/ Subsidiary Management level Board level The RMC holds quarterly meetings to review the key risks and at the same time ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. These are then further deliberated at the BARC and finally reported to the Board on a quarterly basis. RISK MANAGEMENT COMMITTEE Assist the management in identifying principal risks at Group level and providing assurance that the Enterprise Risk Management is implemented group-wide to protect and safeguard MISC’s interest Review and recommend policies and frameworks specifically to address risks inherent in all business operations and environment pertaining to the Group Review, deliberate and recommend mitigation actions to ensure that the Group’s risks are being mitigated effectively Provide a reasonable assurance to the BARC that the Group’s risks are being managed appropriately /////// Business Review / Leadership / Governance / Financial Statements / Additional Information / MISC Berhad / Integrated Annual Report 2020 9 294 MISC Berhad / Integrated Annual Report 2020 9 295 / Additional Information / Financial Statements / Governance / Leadership / Business Review /////// Section Section