
Effective risk management and internal control systems are fundamental to the achievement of our strategic objectives.

RISK MANAGEMENT FRAMEWORK

The Group has in place an Enterprise Risk Management (ERM) framework to effectively identify, assess, mitigate and monitor key business, financial, operational and compliance risks. The framework enables us to adopt a proactive and structured approach to identifying and managing risks across the organisation with on-going monitoring and review in place.

GOVERNANCE AND OVERSIGHT

The Group is committed to fostering a risk aware and control conscious environment. Responsibility for risk management resides at all levels within the organisation. The Company Board, through the Company Audit Committee, oversees the overall management of risks. The Risk Management Committee, supported by Internal Audit, assists the Company Board and Company Audit Committee to review and monitor key risks of the Group. Management is responsible for identifying and assessing risks of a strategic nature. Operating units are responsible for the identification and management of risks in their activities. The top-down and bottom-up approaches complement each other and enable us to identify and manage the Group’s key risks in an effective manner, including material emerging risks at corporate and business unit levels.

RISK MANAGEMENT

Independent Assurance from Internal and External Auditors

Risk Management Framework Governance

Company Board / Company Audit Committee Oversight

• Has overall responsibility for the Group’s risk management and internal control systems

• Determine and evaluate the nature and extent of the risks that the Group is willing to accept in pursuit of the Group’s strategic and business objectives

• Discuss the risk management and internal control systems with management to ensure management has performed its duty to have effective systems

Governance tiers (diagram labels): Company Board (through Company Audit Committee); Risk Management Committee (chaired by the Chief Executive Officer); Management; Operating Units

Risk Review, Communication and Confirmation to Board / Audit Committee

• Oversee the Group’s risk profile and assess if key risks are appropriately mitigated

• Ensure that an ongoing review of the effectiveness of the risk management and internal control systems has been conducted and provide such confirmation to the Board, via the Audit Committee

Risk & Control Monitoring

• Responsible for designing, implementing and monitoring the risk management and internal control systems

• Identify and monitor key corporate risks

• Provide confirmation to the Risk Management Committee on the effectiveness of the systems

Front-Line Risk and Control Ownership

• Design, implement and monitor risks at business unit level, and escalate relevant risk issues promptly

• Provide assurance to the Risk Management Committee on the effectiveness of risk management and internal control activities at business unit level

• Seek continuous process improvement and re-assessment

"Top Down" (diagram label): Oversight by Company Board / Company Audit Committee; assisted by Risk Management Committee and Management; identify and manage risks at corporate level

"Bottom-up" (diagram label): Operating Units; identify, manage and report risks at business unit level

2016 ANNUAL REPORT
