Integrated Annual Report 2022

Key Internal Control Processes in Enterprise Risk Areas

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

• CRISIS MANAGEMENT
Crisis Management is an integrated process that aims to prepare an organisation to respond to and manage crises in the risk areas, to protect people, the environment, assets and reputation. A three-tiered response system provides the demarcation of roles and responsibilities between emergency site management, business segment/subsidiary management, corporate and internal/external response agencies and/or authorities.

During the year under review, several drill exercises were conducted for emergencies on vessels and offshore facilities via simulation of test scenarios to validate the effectiveness of response plans, as well as promote continuous improvement as identified in the Group Crisis Management Plan. Drill exercises, including cyber security table-top drills, were also carried out at the respective business segments and subsidiaries.

• BUSINESS CONTINUITY MANAGEMENT
Business Continuity Management (BCM) aims to build the capability of the MISC Group to recover and continue the operations of critical business functions in the event of disruption. Established through the BCM process, the Business Continuity Planning (BCP) enhances our preparedness to recover and restore essential business functions within a reasonable time to sustain business activities and minimise stakeholder disruption.

Frequently, we simulated test scenarios to validate the effectiveness of recovery strategies and maintain a high level of competence, readiness and preparedness as identified in the BCP. Our annual Business Impact Analysis and recovery plan reviews are carried out to ensure that any changes in the organisation are risk-assessed, analysed, and mitigated.

In 2022, we focused on instilling awareness and strengthening communication on CM and BCM.
Therefore, a series of training and exercises were organised throughout the Group, which included Cybersecurity, Oil Spill and Crisis Communication.

Our established flexible working arrangement enabled all office employees to work remotely from home. We accelerated the deployment of digital platforms for communication and collaboration to ensure teams could work remotely and effectively. The recent COVID-19 pandemic has proven that, with the deployment of digital platforms, office employees are able to work remotely just as efficiently as in the office. Through the operational resilience that MISC has built over the years and the well-executed recovery plans, MISC was able to provide uninterrupted services to its clients, as well as internal and external stakeholders, globally.

In 2022, the MISC Group Management Framework (MGMF) was developed, which functions as a definitive management guide that aligns MISC Group’s activities on an integrated platform. The MGMF is intended to provide a first point of reference for the MISC Group with guiding principles for the following areas:

Other than self-assessment via MyAssurance, MISC’s other key internal control processes in Enterprise Risk Areas are as follows:

Financial

• Limits of Authority (LOA)
The LOA manual provides a framework of authority and accountability within the organisation and facilitates sound and timely corporate decision-making at the appropriate level in the organisation’s hierarchy.

• Reporting
The Board reviews quarterly reports from management on key operating performance, legal, environmental and regulatory matters. Financial performance is deliberated monthly by the MC and tabled to the BAC and the Board on a quarterly basis.

• Planning and Budgeting
The Group performs a comprehensive annual planning and budgeting exercise which involves the development of business strategies for the next five years to achieve the Group’s vision.
The long-term strategies are supported by initiatives to be pursued in the upcoming year, and for effective implementation, the initiatives are tied to specific measurable indicators which will be evaluated against the relevant business/service units and subsidiaries’ deliverables. The Group’s strategic direction is then reviewed annually, taking into account the current progress level and other indicators such as the latest developments in the industry, changes in market conditions and significant business risks. In addition, the Group’s business plan is translated into budgetary numbers for the next five years, and financial performance and variance against budget are analysed and reported monthly to the MC and quarterly to the BAC and the Board.

• Financial Reporting Control Assurance
To enhance the quality of the Group’s financial reports, the Group continues the execution of the PETRONAS Financial Reporting Control (FRC) Assurance. FRC Assurance is a structured process of ensuring the adequacy and effectiveness of internal controls operating within the Group. FRC covers internal controls related to financial reporting based on the identified processes and risks.

Notification and escalation

• Tier 3 (Crisis): Group Crisis Management Team led by President/Group Chief Executive Officer (CEO)
An incident that is beyond MISC’s capacity to control and consequently requires action from Government and/or other external parties. There may be potential for multiple fatalities and severe damage/injury to assets/personnel and the environment involving neighbouring sites and surrounding communities.

• Tier 2 (Major incident): Emergency Management Team led by respective Managing Director (MD)/CEO or Vice President (VP)
A situation where there is danger to life and risk of damage to environment, property and reputation. The incident is within the control of Business/Service Unit/Subsidiary with limited external assistance.

• Tier 1 (Minor incident): Emergency Response Team led by On-Scene Commander
A situation where there is no danger to life, nor risk or damage to environment, property and reputation. The incident is within the control of the unit/site with limited external assistance.

[Figure labels: Corporate Governance and Communication Values Decision-making Philosophy Approach to Governance Management MISC Excellence Management System (ExMS)]

The purpose of this document is to give an overview of MISC Group, including its organisational structure, operating model and governance framework. This document then introduces the Management System, which defines how MISC Group fulfils its obligations to regulators, employees, customers, shareholders, and the community.

During the year under review, MISC conducted 754 self-assessments mainly on Finance, Legal and HSSE risk areas through the MyAssurance system. The purpose of these self-assessments is to ensure that the Group complies with the internal governance requirements established under the Group’s frameworks, guidelines and guiding principles.

MISC Berhad Integrated Annual Report 2022
