[Figure: Frame of Reference. The Organisation Hierarchy (Board: Executive Management; Divisions & SBU: Senior Management & Mid-Management; Operation/Functions: Executives & Staff) is aligned with the Business Objectives Hierarchy (Vision; Strategic Objectives & Goals; Operational Goals & Target), with External Risks and Internal Risks shown as inputs to the frame.]
The Board reviews the effectiveness of the risk management and internal control system through the following monitoring
and assessment mechanisms:
• Quarterly reviews on the Group’s actual financial and operational performance versus planned performance and
other key financial and operational performance indicators.
• Reviews of specific transactions, projects or opportunities are also discussed between the Management and the
Board as and when required. This allows the Board and Management to manage potential risks.
• The ARC deliberates and discusses reports issued by the GIA and external auditors pertaining to financial,
operational, governance, risk management and control matters. The status of preventive and corrective actions for
the issues discussed is also updated to the ARC to enable monitoring of the actions.
The responsibility for day-to-day risk management resides with the Management of each business unit, who are
the risk owners and are accountable for managing the risks identified and assessed. In managing the risks of the Group,
the GIA collaborates with the Management in reviewing and ensuring that there is on-going monitoring of risks and of the
adequacy and effectiveness of the related controls, and that action plans are developed and implemented to manage the
risks within the level acceptable to the Group.
In this regard, the risk management process has been established to provide the foundations and arrangements for risk
owners in identifying, implementing, monitoring, reviewing, and continually improving risk management throughout
the company. The process ensures that information about risk is adequately recorded and reported for reference. The
Group’s risk assessment process is adopted from the MS ISO 31000:2010 guidelines as depicted below:
Statement on Risk Management and Internal Control
[Figure: Risk assessment process, adopted from MS ISO 31000:2010. Steps: Define processes, activities / objectives; Identify risk; Analyse risk; Evaluate risk; Treat risk. Output: Risks Profile & Parameter. The Risk Assessment stage covers: identify existing controls & actions to mitigate risks; determine inherent & residual risk ratings; determine date to implement risk mitigation actions. The whole cycle is framed by Consultation & Communication and Monitoring & Review.]
Kumpulan Fima Berhad (197201000167)(11817-V) – Annual Report 2020 – 110