Serba Dinamik Annual Report 2016

2016 Annual Report 087 STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL 1. INTRODUCTION This Statement on Risk Management and Internal Control is made pursuant to Main Market Listing Requirements (“MMLR”) which require the Board of Directors (“the Board”) to include in its Annual Report a statement about the state of its risk management and internal control. Accordingly, the Board is pleased to provide the Statement on Risk Management and Internal Control that has been prepared in accordance with the “Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers” endorsed by Bursa Malaysia Securities Berhad. The Board has ultimate responsibility for the oversight of enterprise risk management and satisfying itself that the risk management framework is sufficiently robust and sound. The Board has overall responsibility for the Group’s risk management and internal control system and for reviewing its adequacy and effectiveness. The Board ensures that the risk management and internal control system manages the Group’s relevant and material risks within its risk register in the Group’s pursuit of its strategies and business objectives. The Board continually reviews the system to ensure that the risk management and internal control system provides a reasonable but not absolute assurance against material misstatement of management and financial information and records or against financial losses or fraud. The Board has established an ongoing process for identifying, evaluating and managing the relevant and material risks encountered by the Group and a key aspect of this process is the adoption of the three lines of defense model which sets out clear risk management and control responsibilities of the parties involved. The process for assessing the adequacy and effectiveness of the risk management and internal control system is regularly reviewed by the Board, which is assisted by the Audit & Risk Committee (“ARC”). The Management is responsible for ensuring that the day-to-day management of the Group’s activities is consistent with the risk strategy, including the risk register and policies approved by the Board. To this end, the key responsibilities of the Management in respect of risk management are as follows: • Ensuring that all relevant and material risks associated with the Group’s business operations have been identified and assessed to determine whether the risks are within the Group’s risk register. • Designing, implementing and monitoring of the risk management and internal control system in accordance with the Group’s strategies and overall risk register. • Identifying changes in the operational environment which give rise to risks or emerging risks and taking appropriate actions and the prompt escalation of the identified risks and actions to the Board. 2. RISK MANAGEMENT The key processes that the Board has established in reviewing the adequacy and effectiveness of the risk management and internal control system include the following: A. Risk Management Function The Risk Management Function is responsible for the development and the implementation of the Group Risk Management Framework which sets out the key principles of risk governance, and the development of risk management practices and tools which enable the continuous identification, measurement, controlling and monitoring of all relevant and material risks of the Group including the identification of emerging risks. The key elements of the Group Risk Management Framework which is approved by the Board are as follows: