193 CORPORATE GOVERNANCE REPORT Integrated Annual Report 2025 The Enterprise Risk Management Framework The Manager applies a comprehensive ERM Framework to systematically identify, evaluate, and prioritise risks across the organisation. The framework is depicted as below: The ERM Framework combines governance, structured processes and integration with core activities to ensure consistent risk identification, assessment, mitigation and monitoring. Supported by clear roles, risk appetite, digital tools and alignment with strategy, budgeting, acquisitions, ESG and BCM, the framework emphasises continuous monitoring and competency-building to foster a strong risk culture. STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL ENTERPRISE RISK MANAGEMENT FRAMEWORK OKRs and New Internal Controls Continuous Monitoring & Embedment OKRs and New Internal Controls Continuous Monitoring & Embedment OKRs and New Internal Controls Continuous Monitoring & Embedment OKRs and New Internal Controls Continuous Monitoring & Embedment ERM PROCESS ERM INFRASTRUCTURE ERM INTEGRATION • Vision/Mission Governance & Compliance Structure • Board/ Management Mandate/ LoA • ERM Reporting Structure & Frequency • ERM Roles & Responsibilities • Risk Appetite/ Parameters • Digitalisation & Automation • Strategic Planning & Financial Management • Policy, Frameworks & SOP • Decision Making • Acquisitions/ Investment/ Divestment • Leasing • Building and Asset Management, • Sustainability Management - Climate & Emerging Risks • Compliance • Business Continuity Management/ Incident Data Analysis ERM EDUCATION The Three Lines of Defence Model Awareness/Sharing Sessions Continuous Education Competency Assessment Change Management
RkJQdWJsaXNoZXIy NDgzMzc=