1 106 Table of Contents 108 396

FGV Annual Report 2018

REINFORCED OUR STANDARDS OF GOVERNANCE 01 02 05 03 07 06 04 08 09 99 ANNUAL INTEGRATED REPORT 2018 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT PROCESS FGV manages, monitors and reports on the key risks and uncertainties that can impact our ability to deliver our strategy while creating long-term Shareholders' value. Our management systems through organisational structure, Policies and Procedures, core values and code of conduct together form a system of internal control that governs how we operate the business of FGV and manage associated risks. Our risk management process is supported by Policies and Procedures which are consistent with the ISO 31000 Risk Management Standard, developed to aid employees in undertaking their risk management responsibilities. The process detailed below is rolled out across the Group and risk profiles are developed at business sectors and corporate centres: RISK REPORTING Communicate and consult with internal and external Stakeholders, as appropriate, at each stage of risk management process. MONITORING AND REVIEW The monitoring and review process tracks the current status of the risk profile, detects changes in the risk context and ensures that the controls are adequate in both design and operation. Identify controls and responses to manage inherent risks to an acceptable residual risk level. Assess the effectiveness of mitigating controls in collaboration with the relevant risk and control owners. Establish an understanding of the risks by considering the relationships between the causes, risks and consequences and thus enable us to evaluate key risk mitigating controls. Assess risks in terms of impact and probability, and plot them on the FGV risk matrix to derive a prioritised list of risks for further action. Establish the strategic, organisational and risk management process context by considering the environment within which the risks are present. Identify all uncertain future events that may impact the achievement of objectives, which form the basis for further analysis. Phase 5 Risk Treatment Phase 4 Risk Evaluation Phase 3 Risk Analysis Phase 2 Risk Identification Phase 1 Establish Context Risk Assessment

RkJQdWJsaXNoZXIy NDgzMzc=