FGV Annual Report 2017

FELDA GLOBAL VENTURES HOLDINGS BERHAD HOW WE ARE GOVERNED 102 HOW WE APPROACH RISK The achievement of the strategies enshrined in our SP20 (V2) requires a strong risk-centric approach to ensure the Group is always aware and prepared for the myriad risks faced by the business. This underpinned by our robust internal controls and oversight framework are necessary prerequisites to the achievements of the Group’s objectives. OVERVIEW OF OUR APPROACH Effective risk management is an integral part of our business model and is intended to seek opportunities from the risks, lessen the potential impacts in the event risks are crystallised and protect our reputation whilst ensuring profitability and business growth remain paramount. The matrix for oversight, assurance, risk management and internal control is clearly set up in FGV. Our risk management oversight approach is premised on the four lines of defence model, coordinating various players involved and their activities to effectively inculcate sound risk culture. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL BOARD AND BOARD COMMITTEES MANAGE First line of defence - Functions that own and manage risks OVERSEE Second line of defence - Functions that oversee risks, control and compliance ASSURANCE Third line of defence - Internal functions that provide independent assurance Business Clusters Policies and Standard Operating Procedures Group Governance Other Corporate Centres Group Internal Audit Fourth line of defence - set requirements and/or perform independent assurance External Auditors Regulators Other External Bodies Group Risk Management Division Executive Committee & Key Senior Management RESPONSIBILITIES AND ACCOUNTABILITIES The FGV Board acknowledges the principal risks of all aspects of the Group’s business and recognise that business decisions involve the taking of appropriate risks. The FGV Board must ensure that there are systems in place which effectively monitor and manage these risks. For areas pertaining to risk management and internal controls, the Board is responsible for the following: i. Determine the Group’s overall risk appetite, level of risk tolerance and actively identify, assess and monitor key business risks to safeguard shareholders’ investments and the Group’s assets, and communicate the same to the Senior Management; ii. Appraise the Group’s major current and emerging risks and oversee that appropriate risk management and internal control procedures are in place; iii. Consider and approve the Group’s overall risk-reward strategy and framework for managing all categories of current and emerging risks relevant to the sustainability of the Group’s businesses and wellbeing of the Group and its Stakeholders, consistent with its level of risk tolerance; and iv. Ensure proper implementation and review the Group’s internal controls system, which are continually upgraded to mitigate the Group’s current and emerging risks.