Risk Management Framework

The Group has established an Enterprise Risk Management (“ERM”) Framework to identify, assess and understand the inherent risk profile arising from its business activities. Any failure to manage these risks effectively may undermine the Group’s objectives and long-term sustainability. In supporting the Group’s business priorities, the framework categorises risks into strategic, operational, financial and compliance risk areas.

The Board continues to review and approve the Group’s risk management framework, while overseeing the Group’s risk and opportunity landscape with the support of the RMSC. In doing so, the Board reviews and monitors the adequacy and integrity of the systems and controls used to identify, analyse, evaluate, manage and monitor significant financial and non-financial risks through periodic assessments.

The Group benchmarks risk management practices against ISO 31000:2018 Risk Management – Principles and Guidelines, as well as aligning its framework against the practices of the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) ERM Framework, which is used as a guide to embed ERM best practices across the Group’s key activities, initiatives and operational processes.

In addition, the Group structures its risk management framework and reporting approach to align with the National Sustainability Reporting Framework (“NSRF”), as issued by Commission Malaysia, and the Global Reporting Initiative (“GRI”) standards, coordinating the Group’s risk management practices with relevant environmental, social and governance (“ESG”) matters. Further information is provided in the “Integrating Risk Management with Sustainability” section below.
[Figure: Risk Management Framework. Labels: Risk Management; Risk Identification, Risk Controls, Risk Assessment, Risk Monitoring, Risk Prioritisation, Risk Reporting; People, Systems, Operations; Strategic Planning, Performance Management, Budgeting, Corporate Governance]

Responsibility for implementing and maintaining the Group’s risk management framework and internal control processes across the organisation rests with Management, led by the Group Chief Executive Officer and supported by the Deputy Group Chief Executive Officer together with members of the RMSC. The Board exercises oversight of these arrangements and receives assurance on the effectiveness of the Group’s risk management practices and internal control systems through reports and recommendations submitted by the RMSC.

AR 2025 | GOVERNANCE 218