2019 UEM Edgenta Annual Report

121 UEM Edgenta Berhad UEM EDGENTA AT A GLANCE MESSAGE FROM OUR LEADERSHIP STRATEGIC FOCUS OPERATIONAL REVIEW SUSTAINABILITY EFFORTS CORPORATE GOVERNANCE INTRODUCTION FINANCIAL REVIEW ADDITIONAL INFORMATION Annual Report 2019 Statement on Risk Management and Internal Control Risk Management Risk Management Framework • The RMF provides the foundation and organisational arrangement for managing risk across the Group. It illustrates how risk management is embedded in the organisational systems and integrated at all levels and work contexts, making risk consideration part of our day-to-day decision-making and business practices. • Principally aligned with ISO31000:2010, the RMF include scope and objectives, emphasis on enterprise-wide risk assessment and management, and Risk Control Effectiveness Indicators (“RCEI”), which measure the appropriateness and effectiveness of risk countermeasures based on demonstrated / observed improvements on key business, operating and financial parameters. • The RMF aims to: - Establish common risk language, modus operandi and direction with regard to risk management; - Convey the Group policy and attitude to risk management; - Set the policy, methodology, scope and application of risk management; - Detail the process for escalating and reporting risks; - Establish the roles and responsibilities for managing risk; - Facilitate open communication between management and the Board with respect to risk; encourage proactive decision making; and build an appropriate culture of integrity and risk awareness. KEY FEATURES OF RISK MANAGEMENT FRAMEWORK Information & risk reporting • The RMF has been communicated to staff of relevant levels and will be reviewed for continuous improvement. Clarify objectives Communicate Monitor, review & report risks Respond to risks Establish context Identify risks Assess risks Board of Directors Risk Management Committee Risk, Integrity & Compliance Department Risk Owners (Company / Joint Venture / Business Unit / Division / Department / Function / Project / Process & etc.) Risk Management Unit Committee Policy & review Risk Management Approach • The Group adopts a formal and structured approach for risk assessment process. • The methodology comprises sequential steps of risk management activities that are interrelated and iterative. The process applied to the whole of a business (enterprise level) or to any part of a business (divisions, departments, functions, business units, projects, processes). Risk Appetite the amount of risk that the Company is prepared to accept or retain in pursuit of its business objectives and value Risk Assessment Methodology Risk Governance and Structure Board Governance and Risk Committee