Risk Management Process Board of Directors Risk Management Committee Risk Management Department Head of Departments Risk reporting Risk control, monitoring, reporting Risk identification, assessment, prioritisation The RMSC comprises representatives of the Board of Directors together with the Group Chief Executive Officer and Deputy Group Chief Executive Officer and carries out its oversight responsibilities based on formalised risk reporting and operational feedback provided by the Risk Management Department. The Group conducts its overall risk reporting process on a quarterly basis, with emphasis on three principal areas: • Risk Register – covering significant and emerging risks; • Risk Rating – tracking changes in risk status following the implementation of mitigation measures; and • Group Risk Profile – highlighting significant risks and the mitigating controls relevant to the Group’s operations. Key risks are monitored through defined risk indicators and periodic risk reporting, enabling early identification of changes in the Group’s risk exposure. Variations in risk ratings and indicators are analysed and escalated to the RMSC and the Board where necessary for timely management action. Throughout the financial year, Heads of Department across the organisation identify and escalate significant risks arising from their respective areas of responsibility. The Risk Management Department analyses and monitors these risks before presenting them to the RMSC for review, deliberation and direction on appropriate management actions. The Board also reviews and approves a clearly defined risk governance structure that delineates the responsibilities of the respective parties involved, as outlined below. Roles and Responsibilities Board of Directors • Establish the Group’s overall approach to risk management and determine the guiding risk management policies • Identify the Group’s principal risks and ensure appropriate systems and controls are implemented to manage these exposures effectively • Review and approve the Group’s risk appetite • Oversee communication with shareholders and other stakeholders on risk-related matters • Periodically review the Group’s overall risk profile Risk Management and Sustainability Committee (“RMSC”) • Review and recommend the Group’s risk management strategies, policies, and risk appetite/ tolerance levels for approval by the Board • Assess the adequacy and effectiveness of the risk management framework and related policies in identifying, measuring, monitoring, and controlling risks • Evaluate Management’s periodic Group Risk Profile reports to assess the Group’s risk exposure and the effectiveness of risk management activities 219
RkJQdWJsaXNoZXIy NDgzMzc=