Annual Report 2017
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
The ERM framework adopted by the Group encompasses the risk assessment process, organisational oversight and reporting
function to instil the appropriate discipline and control around continuously improving risk management capabilities. Risk
assessment, monitoring and review of the various risks faced by the Group are a continuous process within the key operating
units with the RMC playing a pivotal oversight function.
The ERM assessment was conducted through a combination of workshops and interviews involving the senior management,
and the key enterprise risks faced by the Group’s business units are then reported to the Audit Committee on an annual basis.
The workshops and interviews conducted have generated the following reports:
• Detailed risk register
• Risk Parameters
• ERM Report
These reports were summarised as a risk profile and provide the basis for the following:
• Business action plans and improvement strategies;
• Developing cost effective control strategies; and
• Prioritisation of areas for operational audit.
All subsidiaries within the Group will update and present their risk profiles to the RMC on an annual basis for the RMC’s review
and approval.
The Group’s ERM programme is supported by the Risk Management Policy and Procedures (“the Policy”) which is consistent
with the current requirements of the Malaysian Code on Corporate Governance 2012. The Policy will sensitise staff more
strongly to risk identification, measurement, control, on-going monitoring, responsibilities and accountabilities.
An overview of the Group’s risk assessment process is depicted as follows:
[Figure: risk assessment process. Labels shown: Preparation; Define processes/activities/objectives; Identify risks; Identify controls; Determine control effectiveness; Determine current residual risk; Risk Profile; Control Assessment; Determine risk rating.]