Integrated Annual Report 2021

In 2021, the COVID-19 pandemic had necessitated the Group to implement flexible working arrangement as a means to mitigate the spread of the virus at the workplace, while ensuring continuity of day-to-day operations. In order to ensure that employees were able to work remotely from home or other appropriate and approved locations, the deployment of digital platforms for communication and collaboration were encouraged and accelerated. Meanwhile, front liners who were unable to work from home or remotely due to the nature of their roles, had practiced split operations and staff rostering, with very strict adherence to SOPs to minimise exposure and enhance employee safety. Through the operational resilience that MISC has built over the years and the well-executed recovery plans, MISC was able to provide uninterrupted services to its clients, as well as internal and external stakeholders, globally. KEY INTERNAL CONTROL PROCESSES IN ENTERPRISE RISK AREAS As at end of FY2021, MISC conducted 534 self-assessments mainly on Finance, Legal and HSSE risks areas through the MyAssurance system. The purpose of these self-assessments is to ensure that MISC and its subsidiaries comply with the internal governance requirements established under the Group’s frameworks, guidelines and guiding principles. MISC on yearly basis provides an attestation on the system adequacy and effectiveness in managing Risks and Internal Controls as part of the initiatives to sustain strong Corporate Governance. The purpose of this attestation is to provide a reasonable assurance that the enterprise risk mitigation has been adequately and effectively implemented. For FY2021, the attestation shall cover the eleven (11) focused risk areas, namely HSE, Security, Human Resource, Financial, Finance – Financial Reporting Control, Finance – Tax, Information Communications Technology, Legal & Regulatory, Procurement, Project and Reputation. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL GOVERNANCE • CRISIS MANAGEMENT Crisis Management is an integrated process that aims to prepare an organisation to respond and manage crisis in the risk areas, to protect people, environment, assets and reputation. A three-tiered response system provides the demarcation of roles and responsibilities between emergency site management, business segment/subsidiary management, corporate and internal/external response agencies and/or authorities. An incident beyond MISC’s capacity to control and consequently requires action from government and/or other external parties. There may be potential for multiple fatalities and severe damage/injury to assets/personnel and the environment involving neighbouring sites and surrounding communities. A situation where there is danger to life and risk of damage to environment, property and reputation. The incident is within the control of business unit/service unit/subsidiary with limited external assistance. A situation where there is no danger to life, nor risk or damage to environment, property and reputation. The incident is within the control of the unit/site with limited external assistance. Group Crisis Management Team led by President/GCEO Emergency Management Team led by respective MD/CEO or VP Emergency Response Team led by On-Scene Commander Noti cation and Escalation Tier 3 Crisis Tier 2 Major incident Tier 1 Minor incident During the year under review, eight (8) drill exercises were conducted for emergencies on vessels and offshore facilities. Drill exercises carried out via simulation of test scenarios validate the effectiveness of response plans, as well as promote continuous improvement as identified in the Group Crisis Management Plan. Drill exercise programmes were also being carried out at the respective business segments and subsidiaries which include two (2) cyber security table-top drill exercises. • BUSINESS CONTINUITY MANAGEMENT Business Continuity Management (BCM) aims to build the capability of the MISC Group to recover and continue the operations of critical business functions in the event of disruption. Business Continuity Planning (BCP) was established through the BCM process to enhance the MISC Group’s preparedness to recover and restore businesses’ critical functions within a reasonable period of time towards sustaining the Group’s activities and minimising disruptions to stakeholders. Simulation exercises of test scenarios validate the effectiveness of recovery strategies, as well as maintain a high level of competence and readiness as identified in the BCP. Different levels and scenarios of BCP simulations are conducted regularly throughout the Group to ensure high level of preparedness. Business Impact Analysis and recovery plan reviews are carried out on an annual basis to ensure any changes in the organisation are risk-assessed, analysed and mitigated. Other than self-assessment via MyAssurance, amongst other MISC’s internal control processes in Enterprise Risk Areas are as follows: Financial • Limits of Authority The Limits of Authority manual provides a framework of authority and accountability within the organisation and facilitates sound and timely corporate decision-making at the appropriate level in the organisation’s hierarchy. • Reporting The Board reviews quarterly reports from management on key operating performance, legal, environmental and regulatory matters. Financial performance is deliberated monthly by the MC and tabled to the BAC and the Board on a quarterly basis. • Planning and Budgeting The Group performs a comprehensive annual planning and budgeting exercise which involves the development of business strategies for the next five years to achieve the Group’s vision. The long-term strategies are supported by initiatives to be pursued in the upcoming year, and for effective implementation, the initiatives are tied to specific measurable indicators which will be evaluated against the relevant business/service units and subsidiaries’ deliverables. The Group’s strategic direction is then reviewed annually taking into account the current progress level and other indicators such as latest developments in the industry, changes in market conditions and significant business risks. In addition, the Group’s business plan is translated into budgetary numbers for the next five years and financial performance and variance against budget is analysed and reported monthly to the MC and quarterly to the BAC and the Board. • Financial Reporting Control Assurance To enhance the quality of the Group’s financial reports, the Group continues the execution of the PETRONAS Financial Reporting Control (FRC) Assurance. FRC Assurance is a structured process of ensuring the adequacy and effectiveness of internal controls operating within the Group. FRC covers internal controls related to financial reporting based on the identified processes and risks. MISC Berhad 276 Integrated Annual Report 2021 MISC Berhad Integrated Annual Report 2021 277