Annual Report 2017
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
The ERM framework adopted by the Group encompasses the risk assessment process, organisational oversight and reporting
function to instil the appropriate discipline and control around continuously improving risk management capabilities. Risk
assessment, monitoring and review of the various risks faced by the Group are a continuous process within the key operating
units with the RMC playing a pivotal oversight function.
The ERM assessment was conducted through a combination of workshops and interviews involving the senior management
and the key enterprise risks faced by the Group’s business units are then reported to the Audit Committee on annual basis.
The workshops and interviews conducted have generated the following reports:
• Detailed risk register
• Risk Parameters
• ERM Report
These reports were summarised as risk profile and provide the basis for the following:
• Business action plans and improvement strategies;
• Developing cost effective control strategies; and
• Prioritisation of areas for operational audit.
All subsidiaries within the Group will update and present their risk profiles to the RMC on an annual basis for the RMC’s review
The Group’s ERM programme is supported by the Risk Management Policy and Procedures (“the Policy”) which is consistent
with the current requirements of the Malaysian Code on Corporate Governance 2012. The Policy will sensitise staff more
strongly to risk identification, measurement, control, on-going monitoring, responsibilities and accountabilities.
An overview of the Group’s risk assessment process is depicted as follows:
Determine risk rating