8 6

Corporate GovernanCe

The ERM assessment was conducted through a combination of workshops and interviews involving the senior management

and the key enterprise risks faced by the Group’s business units are then reported to the Audit Committee annually. The

workshops and interviews conducted have generated the following reports:

⊲

Detailed Risk Register

⊲

Risk Parameters

⊲

ERM Report

These reports were summarised as risk profile and provide the basis for the following:

⊲

Business action plans and improvement strategies;

⊲

Developing cost effective control strategies; and

⊲

Prioritisation of areas for operational audit.

All subsidiaries within the Group will update and present their risk profiles to the RMC on an annual basis for the RMC’s review

and approval.

An overview of the Group’s risk assessment process is depicted as follows:

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

mo n i t o r i n g & r e v i e w

c o n s u ltat i o n & c ommu n i c at i o n

r i s k a s s e s s m e n t

• Identify existing controls & actions to mitigate risks

• Determine inherent & residual risk ratings

• Determine date to implement risk mitigation actions

Risks

Profile &

Parameter

Treat risk

Evaluate

risk

Analyse

risk

Identify

risk

Define

processes/

activities/

objectives