FGV Annual Integrated Report 2019
FGV HOLDINGS BERHAD

HOW WE ARE GOVERNED

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

OUR GOVERNANCE AND RISK MANAGEMENT CULTURE

Continuous integration between strategies, governance and risk management is carried out to ensure a sound approach is embedded into business decision making and aligned with the Group’s strategic objectives and aspirations.

Listed below are the key governance and risk management activities undertaken by GGRM to reinforce the governance and risk management culture within the Group:

Anti-Bribery Management Systems (ABMS) ISO 37001:2016 Certification
GGRM spearheaded the process required to achieve ABMS ISO 37001:2016 certification, including documentation of ABMS manuals and SOPs, appointment of the certification body, internal auditor training, Top Management and Governing Body review, briefing to site owners and the SIRIM audit (stage 1 and stage 2). FGV was successfully awarded the SIRIM certification on 17 December 2019.

Corruption Risk Management (CRM) Training
Conducted CRM training for companies and corporate centres on the identification of corruption risks and preparation of CRM risk registers.

FGV Corporate Governance and Business Integrity Blueprint
The Blueprint was launched in May 2019 as a continuation of the previous FGV Integrity Plan (FGV-IP), covering the period from 2019 to 2021 and serving as the strategic long-term plan for FGV Group in enhancing governance and integrity practices in its management processes and business operations.

FGV Group Quarterly Risk Report
GGRM publishes its Quarterly Risk Report as a reporting tool to inform the Management, Board Committees and Board of the key risk horizon associated with the Group’s business and operations, covering the Group’s Top 10 risks and mitigation details, key risks beyond the risk registers, project risks, reputational risks, emerging risks, Risk Appetite Statements, key incidents and BCM updates, supplemented by monthly one-page risk summaries.

Project Risk Assessment
Assisted the business in performing risk assessments of various business and project proposals based on the revised process by completing a Risk Assessment template as a prerequisite to the investment papers. GGRM ensured sound methodology was applied in the dimensioning and quantification of the relevant project or business risks.

Risk Appetite Statement (RAS)
RAS is a tool to measure business risk profiles using relevant key risk indicators and to ensure risk profiles are monitored based on a quantifiable methodology and measured against risk tolerance levels. Five additional key risk drivers were incorporated into the existing Group RAS to further strengthen the measurement of the risk profiles.

Policies and Limit of Authorities (LOA)
Facilitated the formulation of new policies by ensuring compliance with the ‘Mother Policy’, conducted the challenge process and worked closely with policy owners until approval was obtained from the Board. Reviewed and enhanced existing policies and facilitated challenge sessions with working committees and policy owners. Assisted with the formulation, development and revision of LOAs. Approved Policies and Procedures were deposited into the Compliance Management System.

Divisional Risk Reporting Committee (DRRC) Meetings
DRRC meetings were held on a quarterly basis where key risk matters in the Quarterly Risk Report were deliberated on and endorsed by the various representatives. The DRRC was established as a think-tank to address and provide updates on matters pertaining to risk management, especially in relation to the preparation of quarterly risk reporting.

Enterprise Risk Management System (ERMS) and Risk Register Training
ERMS awareness and risk register training sessions were conducted to educate staff on system functionalities and to facilitate the risk assessment process.