Integrated Annual Report 2022

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Cybersecurity

A 5-year MISC Cybersecurity Strategic Plan has been formulated under MISC Sustainability Strategy 2025 (Governance Pillar) to provide the roadmap for the continuous maturity of cybersecurity in MISC. The strategy aims to reach a Tier-3 NIST (National Institute of Standards and Technology) maturity level and achieve ISO27001. This strategy is based on the internationally recognised NIST Cybersecurity Framework (CSF) and International Maritime Organization (IMO)/Tanker Management Self-Assessment (TMSA)/Baltic and International Maritime Council (BIMCO) Cybersecurity Framework. A formal cybersecurity team has been established, led by a qualified Chief Information Security Officer (CISO) reporting to the Group HSSE Council. The CISO office provides management oversight in line with the cybersecurity strategy. The strategy comprises Cybersecurity Governance, Cybersecurity Risk Management and Cybersecurity Culture. The progress of all initiatives is reported regularly to the Group HSSE Council. The Board has been apprised of the MISC Cybersecurity Strategy.

Human Resource

MISC places great emphasis on nurturing a sustainable and healthy talent pool and promotes a high-performance culture that will support the organisation’s strategic goals. Our talent attraction and retention strategy involves establishing a stringent recruitment process to identify the right candidate, developing our employees through a series of structured development programmes, and recognising and rewarding talents based on merits. Our recruitment processes actively ensure that critical positions are filled within the stipulated time to enable business continuity. Our Performance Management System supports our vision to build a high-performance culture, with performance indicators that align to the organisation’s strategic goals. Progress is regularly tracked through performance reviews that are done twice annually.
We have re-introduced expectation settings and quarterly check-ins to ensure clarity in what employees need to achieve, keep track of the progress, and lend support where required. Action plans to address employees’ developmental requirements are prepared and implemented in a timely manner. A structured Succession Planning framework was developed and implemented to identify and develop a leadership pipeline in the Group. The Succession Planning framework takes into account the potential successor’s performance track record, leadership capability and display of the MISC cultural beliefs. The Succession Planning framework also provides development plans to be mapped appropriately for each potential successor in order for them to be ready to assume critical positions as the opportunity arises. A special talent review session led by the Management Development Committee is conducted annually to assess and gauge the identified talent pool’s suitability as well as their readiness level for the proposed critical position. To ensure that the organisation has the right competency and capability, a structured Functional Competency and Leadership Competency framework is applicable to all employees in the Group. The objective of the Functional Competency and Leadership Competency framework is to have a competent and capable workforce through a structured and holistic developmental process, which ultimately feeds into the talent pipeline for the Succession Planning framework. Through the framework, all employees are required to go through the functional and leadership competency assessment where they are assessed against the competency required for their roles and at their job levels respectively. 
Based on the competency gap identified from the assessment, employees are empowered to identify and propose suitable intervention plans to address their functional competency gap via one-on-one discussion with their supervisors and are enrolled in the structured leadership courses to enhance their leadership skills. The Functional Competency and Leadership Competency framework, together with the Succession Planning framework, demonstrates the Group’s commitment towards developing future leaders of MISC. MISC continuously promotes the well-being of our employees, and this is well-embedded in our Talent Strategy. Post-pandemic, we have introduced a series of well-being initiatives such as Flexible Working Arrangements, employee engagements and employee assistance programmes. Flexible Working Arrangements provide employees the flexibility to balance their personal and professional needs by offering options to work from home or satellite offices and determine their work hours. A series of engagements connect the leaders to the population, promote psychological safety at the workplace and encourage open conversations. The employee assistance programmes were introduced to provide access to personalised and holistic support encompassing physical, mental and emotional well-being.

Compliance & Ethics

As MISC completes the Compliance and Ethics Programme 2020, the next 5-year Compliance and Ethics Programme for 2021 to 2025 has formed part of the Governance and Business Ethics Pillar under the Sustainability Strategy 2021-2025.
Compliance & Ethics Programme 2020: A robust Compliance & Ethics Programme that embeds a mature compliance and ethics culture within the organisation in tandem with MISC’s growth agenda.

Sustainability Strategy 2025: Governance & Business Ethics Pillar [Compliance Programme 2025], approved by Board on November 16, 2020.

Under the Sustainability Strategy 2025, the strategic priority (Governance Pillar) under values, assurance and business ethics is to continuously embed a culture of strong corporate governance and business ethics and conduct within the organisation. The Governance Pillar maps out the Group’s compliance strategy, objectives, and guidance through the Compliance Management Framework to assist management, business and operations to develop, manage, and maintain the governance required to meet and sustain the compliance strategy and objectives across the Group, including the performance of the core functions of an Integrity Governance Unit (IGU), i.e. complaints management, detection and verification of breaches, integrity strengthening and governance management.

Cybersecurity Governance: The cybersecurity governance framework outlines the policies and procedures, specifies the cybersecurity control standards and ensures a consistent approach to managing cybersecurity for the Group.

Cybersecurity Risk Management: Cybersecurity risks are managed by the team based on a group-wide methodology. All projects and implementations of IT facilities will be assessed and remediated prior to handing over to operation. Regular assessments are conducted to identify changes in risk profiles and ensure continuous improvements.

Cybersecurity Culture: Formal and structured cybersecurity campaigns and awareness programmes are conducted combining MISC internal cybersecurity training and email phishing campaigns. On-going cybersecurity announcements are made to provide security alerts and updates on cybersecurity incidents, developing a security culture where everyone understands that cybersecurity is everyone’s responsibility.
