Integrated Annual Report 2022

• Discussion and deliberation of key and significant risk events breaching thresholds as well as the proposed mitigations.
• Provide guidance to management to ensure the Group’s risks are being managed appropriately.
• Review and discuss all risk events breaching thresholds set.
• Report risk events breaching thresholds for Primary Risks and other pertinent risks critical to the Group.
• Review and report the status of the proposed mitigation action plans.
• Review and discuss risk events breaching thresholds as well as the proposed mitigations.
• Shortlist of key and significant risk events breaching thresholds.
• Continuous monitoring of risk level identified under the Primary Risks.
• The performance of Primary Risks is monitored using KRI. Any change or movement in the KRIs will provide an early warning.
• KRIs that breach set thresholds are reviewed by CP before presentation to RMC for discussion on a quarterly basis.
• Significant breaches are raised to the BSRC for discussion and deliberation.
• Mitigations to eliminate/minimise risk exposures are deliberated at RMC and BSRC.
• Identify risks and existing controls via risk assessment.
• Establish risk rating based on matrix and record into Risk Registers.
• Select appropriate risk treatment option.
[Figure labels: Risk Profiling; Risk Monitoring; Risk Reporting; Corporate Planning; RMC; BSRC]

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

ERM FRAMEWORK

Governance
• Risk policy
• Risk organisation structure
• Roles & responsibilities

Context Setting
• External context
• Internal context
• Risk appetite
• Risk criteria

Risk Assessment
• Risk identification
• Risk analysis
• Risk evaluation

Risk Treatment
• Risk treatment strategy
• Risk treatment plan

Monitoring & Review
• Risk reporting & monitoring
• Risk information system

Continual Improvement
• Risk assurance
• System monitoring & review
• Capability building

ENTERPRISE RISK MANAGEMENT

The Group has implemented risk management best practices in the form of an ERM framework which ensures all business risks are prudently identified, evaluated, treated and managed accordingly to achieve MISC’s business objectives. In sustaining the achievement of business objectives, it is important to manage risks across the Group on an integrated basis with a balanced view of the risks taken against the rewards of business performance.

The business/service units and key subsidiaries are required to perform an annual review of their risk profiles with an emphasis on linking these risks to MISC’s business objectives. The risk management process in MISC requires management to identify business risks at the strategic, operational and tactical levels, while considering environmental, social and governance risks, to assess these risks in terms of likelihood and magnitude of impact, and to identify and evaluate the adequacy of mechanisms in place to manage these risks.

The Group recognises the importance of climate risks and their impact on our businesses. In 2022, in line with ESG risks, climate risks were also identified and included as part of the enterprise risk management process.
This is to assess the risks and impacts of climate change, and to strengthen the Group’s resilience towards achieving our business objectives amidst the challenges associated with climate change. The inclusion of climate change related risks is also in line with the Task Force on Climate Related Financial Disclosure (TCFD) recommendations. This process involves assessments at business/service units and subsidiaries before being examined at the Group level for a more holistic and strategic view.

The Group maintains a risk register, which comprises a list of primary risks critical to the Group and their corresponding risk mitigations and Key Risk Indicators (KRIs), derived from the businesses. The KRIs are reviewed and identified to monitor the movement of risks quarterly, thus enabling the management to act quickly and take the necessary measures in managing risks to ensure that the Group’s initiatives are implemented effectively and business objectives are met.

For the purpose of risk reporting, on a quarterly basis, the status of the mitigation action plans identified to manage these risks, their existing internal controls, and breaches of the KRI thresholds are monitored, updated and reported to the RMC, BSRC and subsequently to the Board. In essence, the risk management processes are as follows:
