Risk Management
Risk management is one of the key strategies that will help the Group achieve its business goals and grow sustainably. The Group's corporate risk management policy and framework focus on strong risk management with a systematic risk management process that follows the standards of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), so that risks can be managed efficiently and the various related risks can be considered when making business decisions.
The Company focuses on building a strong risk culture at all levels of the organisation, starting with the Board of Directors and executives at all levels, who act as leaders and active proponents of an efficient and consistent risk management process. They promote understanding and provide support through training and activities that encourage people to apply risk management in their operations until it becomes part of the organisational culture. Risk management coordinators are appointed from each business unit to coordinate and report on risk management between the risk owners and the risk management units.
This approach to risk management promotes a risk culture at all levels of the organisation and provides a channel for reporting risks to the Group level, thereby enabling effective risk management.
Risks are divided into strategic risk, operational risk, financial risk, legal and regulatory compliance risk, and environmental, social and community risks, including emerging risk.
The Company determines the roles and responsibilities of the various stakeholders involved in the Enterprise Risk Management Process. This includes defining risk-related decision-making authorities, as follows. The Board of Directors is responsible for oversight of the Group Policies and for assigning the appropriate members to the Risk Management Committee. The Risk Management Committee is responsible for reviewing the Enterprise Risk Management Group Policy, overseeing the effectiveness of Group Risk Management and reporting to the Board of Directors at least every 6 months. The Risk Management Working Team consists of Risk Management representatives from each Business Unit. The Working Team is responsible for the Enterprise Risk Management Group Policy, implementing Group Risk Management, reporting risks to the Risk Management Committee at least every 6 months and monitoring the effectiveness of Group Risk Management.
The Enterprise Risk Management Process comprises five key activities: 1) Governance and Culture, 2) Strategy and Objective Setting, 3) Performance, 4) Review and Revision and 5) Information, Communication, and Reporting.
To achieve this, the Audit Committee is tasked with reviewing the effectiveness and appropriateness of the Enterprise Risk Management Group Policy and providing assurance and advice to the Board of Directors. The Internal Audit Office is responsible for reviewing and assessing the effectiveness of the risk management processes, including independently providing recommendations on the adequacy and effectiveness of the Enterprise Risk Management process.
For more details about key risks, please refer to Annual Report 2023/24 (Form 56-1 One Report), Section 4.3: Risk Management Review.