FGV Annual Report 2016
FELDA GLOBAL VENTURES HOLDINGS BERHAD

HOW WE ARE GOVERNED

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

RISK MANAGEMENT FRAMEWORK

At management level, the FGV Board is supported by a dedicated Group Risk Management Division (GRMD), which undertakes the following responsibilities:

• Reviewing, assessing, enhancing and monitoring the Group's Risk Management Framework, including risk management policies and procedures;
• Maintaining the Risk Registers of the Group;
• Providing guidance to all of the Group's operations in identifying and assessing risks and in developing relevant and effective mitigation strategies to manage the risks;
• Preparing risk reports to the BGRMC and the Board;
• Undertaking analysis on specific risks and, where necessary, reporting the same to the BGRMC and the Board; and
• Overseeing the Group's Business Continuity Management.

GRMD is divided into three (3) units, namely Strategic Risk Management (SRM), Enterprise Risk Management (ERM) and Business Continuity Management (BCM). The role of SRM is to facilitate the risk identification process and assist in the development of risk mitigation plans so that the Group can achieve its strategic vision and aspirations, whilst ERM facilitates business units in establishing their respective risk registers and assists the business units in identifying their respective enterprise risks and developing the necessary risk mitigation plans to manage those risks. BCM's primary function is to assist the companies within the Group in developing continuity planning, to ensure that operations or enterprises will have minimal downtime and that appropriate disaster recovery processes are in place.

GRMD liaises with the Risk Owners, who are customarily the heads of Business Clusters and Corporate Centres. The Risk Owners are supported by their respective Cluster Risk Champions and Risk Champions.
The Cluster Risk Champions and Risk Champions are individuals nominated as representatives of the respective clusters, subsidiaries or corporate centres to coordinate with the Risk Owners in identifying, evaluating, managing and monitoring their respective key risks. They are also tasked with ensuring the implementation of the action plans to effectively mitigate the risks identified. Matters related to risks and mitigation plans are deliberated in the EXCO meeting before being escalated and tabled to the BGRMC and subsequently to the Board.

An overview of the Group's Risk Management Framework is depicted below:

• Board of Directors
• Board Governance & Risk Management Committee
• Executive Committee
• Group Risk Management Division
• Risk Owners

RISK MANAGEMENT PROCESSES

We manage risks by incorporating measures into corporate and operating plans to require mitigation of risks if they exceed our appetite and tolerance. Our Risk Management Processes are supported by policies and procedures which are consistent with the ISO 31000 Risk Management Standard and were developed to aid relevant personnel in undertaking their risk management responsibilities. The process detailed below is rolled out across the Group, and risk profiles are developed at business clusters, corporate centres and subsidiaries.