FGV Annual Report 2016

ANNUAL INTEGRATED REPORT 2016 135 Phase 5 Risk treatment Identify controls and responses to manage inherent risks to an acceptable residual risk level. Assess the effectiveness of mitigating controls in collaboration with the relevant risk and control owners. HOW WE ARE GOVERNED STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL MONITORING AND REVIEW The monitoring and review process tracks the current status of the risk profile, detects changes in the risk context and ensures that the controls are adequate in both design and operation. RISK REPORTING Communicate and consult with internal and external Stakeholders, as appropriate, at each stage of the risk management process. REVIEW OF RISK MANAGEMENT In the spirit of ensuring continuous improvement of Risk Management, FGV conducted the following review processes in 2016: • Risk Controls Assessment All risks identifiedare reviewedon aquarterly basis by the RiskOwners and Risk Champions. These quarterly updates are then reviewed by the Cluster Heads, subsidiaries' CEOs and Corporate Centre Heads respectively. • Risk Registers Review GRMD conducts periodic review on the Group's Risk Registers to ensure the risks and their mitigation measures are relevant. Additionally, GRMD conducted specific risk register reviews on selected subsidiaries and corporate centres to identify and communicate improvement opportunities in those risk registers. In 2016, GRMD conducted 29 specific Risk Registers reviews. • Risk Reporting Enhancement In 2016, GRMD has revised its risk reporting template to make the reporting more dynamic. The new reporting template consists of new sections apart from the usual top ten risks e.g. key enterprise & business risks, emerging risks, project risks and reputational risks. • RiskManagement Framework Review FGV engaged an external consultant to review FGV Group Risk Management Framework. The findings and recommendations of the consultant were tabled to BGRMC and the Board. On 24 May 2016, the Board approved a two-year roadmap for GRMD to implement and put the recommendations in place. • RiskManagement Process Review Annually Group Internal Audit undertakes audit of the risk management process of the Group. GRMD obtains advice from Group Internal Audit in regards to any improvement required to enhance the effectiveness of the risk management process. • Business Continuity Plan (BCP) Documentation Review GRMD has conducted review on the effectiveness of the BCP Documentation, together with Business Continuity Management (BCM) Coordinators across the Group. The BCP Documentation is designed to cater for every business stream. Business mitigation strategy is reviewed and revised according to the business operation environment annually. These practices ensure the Group are well versed with their BCP Strategy and thus, be able to respond efficiently in the event of a disaster. RISK ASSESSMENT Phase 1 Establish context Establish the strategic, organisational and risk management process context by considering the environment within which the risks are present. Phase 2 Risk identification Identify all uncertain future events that may impact the achievement of objectives, which form the basis for further analysis. Phase 3 Risk analysis Assess risks in terms of impact and probability, and plot them on the FGV risk matrix to derive a prioritised list of risks for further action. Phase 4 Risk evaluation Establish an understanding of the risks by considering the relationship between the causes, risks and consequences and thus enable us to evaluate key risk mitigating controls.