The RMC is entrusted with the responsibility of implementing and maintaining the ERM framework to achieve

the following objectives:

(a) Communicate the vision, role, direction and priorities to all employees and key stakeholders;

(b) Identify, assess, treat, report and monitor significant risks in an effective manner;

(c) Enable systematic risk review and reporting on key risks, existing control measures and any proposed

action plans; and

(d) Create a risk-aware culture and building the necessary knowledge for risk management at every level of

Management.

Board of Directors

Audit and Risk

Committee

Risk Management

Committee

Risk Management

Unit

Risk Management

Function

Group Internal Audit

In line with the achievement of the above objectives, the RMC has undertaken the following activities:

(a) Reviewed the extent of the controls and measures which have been put in place by each Risk Management

Unit (“RMU”) to ensure the risks are managed to an acceptable level. Below are the steps of Enterprise

Risk Management conducted within the Group:

Each RMU

updates the

Risk Profile

indicating

the current

condition of

each risk and

plan

1

Risk

Management

Coordinator

compiles

all the Risk

Profiles

2

RMC review

the Risk

Profiles

together with

RMU annually

3

Risk Profiles

updated with

the updated

controls and

measures to

be taken

4

RMU to

monitor and

report on the

controls and

the condition

of each risk

5

corporate

governance

87