2019 UEM Edgenta Annual Report

127 UEM Edgenta Berhad UEM EDGENTA AT A GLANCE MESSAGE FROM OUR LEADERSHIP STRATEGIC FOCUS OPERATIONAL REVIEW SUSTAINABILITY EFFORTS CORPORATE GOVERNANCE INTRODUCTION FINANCIAL REVIEW ADDITIONAL INFORMATION Annual Report 2019 Statement on Risk Management and Internal Control Procurement As a member of UEM Group Berhad, UEM Edgenta is guided by UEM Group’s Procurement Policy. We have established a Standard Operating Procedure (“SOP”) aligned to the Group Procurement Policy encompassing three key areas, namely, General Procurement, Project Tender & Outsourcing and Contract Management. The potential risks with regard to these three areas is mitigated through procedural governance and compliance as detailed in the SOP. The SOP is reviewed periodically and updated as and when required to ensure continuous improvement in internal controls and taking into consideration process improvement as well any new changes in the group procurement policy. We have included new additional provisions for Compliance with HSSE Management Requirements in the procurement terms and conditions to enhance safety awareness and accountability amongst our contractors. Insurance on Assets Sufficient insurance coverage and physical safeguards on the Group assets, including its human resources are in place to Business Continuity Management Emergency and Crisis Management Recovery and Restoration Management Emergency Response Procedures (“ERP”) Crisis Communications Plan (“CCP”) Crisis Management Plan (“CMP”) Disaster Recovery Plan (“DRP”) Business Continuity Plan (“BCP”) Procedures to manage potential and actual emergency situations with Environmental, Safety & Health (“ESH”) implication Procedures to manage communications when a crisis is imminent or has struck Procedures to manage a crisis mainly dealing with major emergencies to minimise any damage Procedures to recover and protect business IT infrastructure to support business operations Procedures to recover and restore business operations to normality Safety and health of people maintained Communication occurs effectively Crisis managed timely and effectively IT applications / data protected People relocate and resume operations effectively Process Document Nature of Document Objective of Document Diagram 1 – BCM Plans Relationship with Other Documents A live crisis simulation exercise was carried out, which includes emergency evacuation drill, call tree exercise, mobilisation to recovery site and recovery of critical business functions. These exercises cover the areas of emergency response plan, crisis communication plan, IT disaster recovery plan, crisis management plan and business continuity plan as referenced to the table above. The BCM programme will continue with the aim to deliver resilience and BCM awareness across the Group. ensure adequate coverage against any mishap that could result in material loss. Coverage typically includes damage to or theft of assets; liability coverage for the legal responsibility to others for accidents, bodily injury or property damage; and medical coverage for the cost of treating injuries and illness, rehabilitation and death. Insurance coverage is reviewed regularly to ensure sufficient coverage in view of changing business environment or assets. Business Continuity Management (“BCM”) According to the International Standard & Best Practice, BCM is a holistic management of disruption. For all intents and purposes, each plan within an organisation is interlinked and makes a whole. Diagram below illustrates how these plans relate to each other: