Annual Report 2016
CORPORATE
GOVERNANCE
REPORT
Principle 11:RiskManagement and InternalControls
The Board has overall responsibility for the management of the Group’s key risks to safeguard
shareholders’ interests and its assets.TheAChasbeen tasked toassist theBoard in theoversight of
the riskmanagement and internal control systemswithin theGroupwhile theownershipof day-to-
daymanagement andmonitoringof existing internal control systems aredelegated toManagement
which comprise theExecutiveDirectors andkeymanagement personnel of theGroup.
TheAC, with the assistance of the internal auditors, reviews the adequacy and effectiveness of
theGroup’s internal control systems, includingfinancial, operational, compliance and information
technology controls and risks management policies and systems established by theManagement
onanannual basis. Inaddition, theexternal auditorswill highlight anymaterial controlweaknesses
within theGroup discovered in the course of the statutory audit.Anymaterial findings from both
the internal and external auditors togetherwith the improvement recommendations are reported to
theAC. TheACwill review the internal and external auditors’comments andfindings, ensure that
there are adequate internal controlswithin theGroup and followupon actions implemented.
As theenvironment inwhich theGroupoperateschanges, risksandopportunitieschange.Basedon
the enterprise-wide riskmanagement framework (“ERMFramework”) established andmaintained
in theGroup,Management at all levels are expected to constantly review the business operations
and the environment that the Group operates in order to identify areas and ensure mitigating
measuresarepromptlydeveloped toaddress these risks.Aspartof the framework, risk registerswere
established to document the key risks, risk appetite, risk tolerance, risk evaluation andmitigating
controls. Management will regularly review the key risks, both existing and emerging new risks;
determine thekeyowners for the risks identified; ensuring treatmentmeasures formitigating these
risksarepromptlyandproperly implemented; andensuringpoliciesandcontrolsarecompliedwith.
Management reports to theAConaquarterlybasis.Appropriatemitigatingactions inmanaging the
key risks, aswell as actionplans to address thegaps are considered anddocumented.
TheERMFramework is complementedby theGroup’s systemof internal controls,which includes
theCode of Conduct, documented policies and procedures, proper segregation of duties, approval
procedures and authorities aswell as checks-and-balances built into thebusiness processes.
For2016, theBoardhas receivedassurances from theCEOand theCFO that thefinancial records
have been properly maintained and the financial statements give a true and fair view of the
Group’s operations andfinances, and theGroup’s riskmanagement and internal control systems
are adequate and effective.
Basedon theERMFramework established, reviews carriedout by theAC, theworkperformed
by the internal and external auditors and assurance from the Management, the Board, with
the concurrence of the AC, is of the opinion that the internal controls and risk management
systemsmaintained byManagement during the financial year and up to the date of this report
are adequate and effective in addressing the risks relating tofinancial, operational, compliance
and information technology controls and to meet the current scope of the Group’s business
SUSTAINABILITY
-
62
-
Sustainability
