Statement on Risk Management and Internal Control
[Figure: Enterprise Risk Management Reporting Structure. Entities shown: Board of Directors; Audit and Risk Committee; Risk Steering Committee; Risk Management Unit; Risk Management Function (Risk owners/Control owners); Group Internal Audit. Labels shown: 1st Line of Defence; 2nd Line of Defence; 3rd Line of Defence.]
The RSC, as a sub-committee to the ARC, is entrusted with the responsibility of implementing and maintaining the ERM framework to achieve the following objectives:
(a) Communicate the vision, role, direction and priorities to all employees and key stakeholders;
(b) Identify, assess, treat, report and monitor significant risks in an effective manner;
(c) Enable systematic risk review and reporting on key risks, existing control measures and any proposed action plans;
(d) Heighten risk awareness culture in the business processes through risk owners’ accountability and sign-off for action plans and continuous monitoring; and
(e) Compile the business units’ risk profiles in relation to the Group risk parameters, the top risks from each business segment.
Below are the steps of compilation of risk information conducted within the Group:
1. Prepare: RMU prepares the Risk Register indicating the current condition of each risk and plan
2. Compile: Risk Management Coordinator compiles all Risk Registers
3. Review: RSC reviews Risk Registers together with RMU annually
4. Update: Risk Register is updated based on the latest risk information
5. Monitor: RMU is to monitor and report risk information
The Board retains the overall risk management responsibility in accordance with Best Practice of the Malaysian Institute of
Corporate Governance, which requires the Board to identify principal risks and ensure the implementation of appropriate
systems to manage these risks.
Annual Report 2020
Kumpulan Fima Berhad (197201000167)(11817-V)