Integrated Annual Report 2022

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The RMC holds quarterly meetings to review the key risks and at the same time ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. These are then further deliberated at the BSRC and finally reported to the Board on a quarterly basis.

Risk Policy

MISC’s Risk Policy guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the ever-changing risks faced by the Group and specific measures to mitigate these risks. The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from prolonged business disruption to ensure continuity and sustainability of key business activities as well as delivery of business objectives. It also outlines the general principles for making risk-based decisions, thus strengthening MISC’s position as a risk-resilient organisation.

MISC is committed to become a risk-resilient organisation. MISC shall continuously strive to implement:
• Risk management best practices to protect and create value within the set boundaries; and
• Risk-based decision-making by providing a balanced and holistic view of exposure to achieve business objectives.
Managing risk is everyone’s responsibility.

Risk Management Framework

The Group’s risk management framework is used to identify, evaluate and manage the principal risks of the Group as described in Risks and Mitigations Strategies on pages 71 to 75 of this Integrated Annual Report. Appropriate internal control systems are also implemented to manage these risks, details of which are set out in the following pages.

Risks across the Group are being managed on an integrated basis within stipulated and approved risk management governing documents and Limits of Authority (LOA). Evaluations of those risks are incorporated into the decision-making process. The risk governing documents as set out below provide a structured and consistent approach in the implementation and institutionalisation of risk management practices across the Group.

• MISC Risk Policy: Defines the goals, purpose and commitment on risk management
• Enterprise Risk Management Framework: Sets out the foundation of ERM practices to assess, treat, monitor and review risks
• Project Risk Assessment Framework: A tool to assess risk associated with a project in various stage-gates
• Risk Assessment in Decision Making Guideline: Guide to achieve comprehensive and pervasive risk-based decision making
• Enterprise Risk Management Process Manual: Structured approach in developing and managing risks through effective monitoring and reporting

The Board adopts the PETRONAS Resiliency Model which provides an integrated view for managing risks effectively and is also guided by international best practice on risk management as per ISO 31000. The model focuses on three (3) areas of business resilience as shown below:

PETRONAS Resiliency Model
• Enterprise Risk Management (ERM): To improve the likelihood and impact of identified risks that may affect the achievement of business objectives.
• Crisis Management (CM): To prepare the Group to respond and manage crisis in the risk areas, to protect people, environment, assets and reputation.
• Business Continuity Management (BCM): To build capacity of the Group to recover and continue the operations of critical business functions in the event of disruptions.

MISC Berhad Integrated Annual Report 2022, Governance, pages 220-221
