Serba Dinamik Annual Report 2016

088 SERBA DINAMIK HOLDINGS BERHAD Company No.1167905 P

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL (Cont’d)

2. RISK MANAGEMENT (CONT’D)

A. Risk Management Function (Cont’d)

1. Risk Governance

The Group’s risk governance sets out the roles and responsibilities of the Board, the risk committees and the parties involved in the three lines of defense for risk management, which consist of the business and support units as the first line of defense, risk management and compliance units as the second line of defense, and internal audit as the third line of defense.

The Board is assisted by the ARC to oversee the management of all identified risks. The Risk Management Function of the Group provides main support to the ARC and Management Executive Committees in meeting their responsibilities and is responsible for developing and maintaining risk management policies and procedures that are responsive to changes in or expansion of business activities and developments in the operating environment.

2. Risk Register

The Group’s risk register defines the amount and types of risk that the Group is able and willing to accept in pursuit of its business objectives. It also reflects the level of risk tolerance and limits to govern, manage and control the Group’s risk-taking activities.

The risk register of the Group is articulated via a set of risk indicators and risk limits. All entities within the Group are required to develop risk indicators and risk limits that have considered the respective entities’ strategic business directions, risk taking capacity, risk profile and the operating environment. The processes for setting, cascading, monitoring and ongoing review of the risk register are set out in the Group Risk Register Framework.

The Risk Register is comprised of a series of unrelated spreadsheets across a combination of business units and risk types.
The registers are to:

• use a system of unique Risk IDs that provide a linkage of risk to the Group’s core strategies and functional business areas;
• list the risks which could cause losses to be incurred and possible causes;
• list the consequences;
• provide an assessment of the risks;
• detail the existing risk mitigators;
• provide an assessment of the strength of the mitigators;
• provide an assessment of the risks;
• detail any action plans to reduce residual risks.

Whenever any functions or systems are developed or changed, or new strategies, products or projects are considered, management is required to carry out a risk appraisal. This review is carried out using the procedures and tools set out in the Group Risk Management Methodology. The respective Risk Register is to be updated accordingly.

3. Risk Management Process

The information gathered at each stage of the Risk Management Process should be documented in the Group Risk Registers. In creating the Risk Register, the risk owners (i.e. the persons who are actually accountable for managing the risk and its consequences) can satisfy themselves that they have defined and properly addressed the real risk. It makes it easier to review the risks and ensure that they continue to be complete, relevant and accurate having regard for both internal and external changes.

A structured approach to risk management which balances risks against returns is established for all relevant and material risks.
