GOVERNANCE 04 Sect ion Ranhi ll Ut i l i t i es Berhad 126 Statement on R i sk Management and Internal Control The Board regards risk management as an important component that underpins the Group’s strategic planning process and business operations. It is on this premise that the Board has the following guiding principles to instill a culture of robust risk management across the Group: • Risk Management Policy The Risk Management Policy and procedures coordinate and standardize the understanding and application of the Enterprise Risk Management (“ERM”) framework within the Group. Also, to create a strong awareness amongst employees on risk identification, measurement, control, on-going monitoring, responsibilities and accountabilities. • Escalation of Risk and Incident Policy This Policy covers the process of escalating significant risks and incidences of disaster to Senior Management and the Board members of the Group in a timely manner. • Corruption Risk Management Policy This Policy lays out an overall framework to identify, assess and report possible corruption risks that might expose the Company’s stance of zero tolerance on corruption which must be strictly adhered to by all employees of the Company. • Risk Assessment Reviews Under the Risk Management Policy, all key risks identified by the Group Companies and corporate functions are categorized according to the nature of the Group’s business activities, and the rating of such risks are assessed based on the likelihood of occurrence and impact via a self-assessment approach. All the respective Group Companies and corporate functions are required to report their risk profiles and its countermeasures to the Risk Management Unit (“RMU”) and MARCC on a quarterly basis. All key risks that are deemed to have a significant impact to the Group are then reported to the GRMC. The GRMC will, in turn, highlight such risks to the Board for its attention. A database on all key risks, key controls and countermeasures and status of implementation of the mitigating plans is maintained by the RMU of GCAD. INTERNAL CONTROL The Board, through the Audit Committee (“AC”), oversees the internal control framework to ensure operational effectiveness and adequate protection of the Group’s assets. The internal control system covers policies, procedures, day to-day activities and the overall governance of the Group. The following policies and procedures form the backbone of our internal control processes which apply to all levels of employees: • Ranhill Authority Manual (“RAM”) This Manual covers all Group operations and forms the backbone of all authority limits set by the Board for the Board Committees, management and operations. The RAM creates clear stewardship responsibilities, delegation of authority and accountability. • Whistleblowing Policy The Group has in place a Whistleblowing Policy that provides clarity on the oversight and responsibilities of the whistleblowing process, the reporting process, protection and confidentiality of the whistleblowers. The primary purpose of the Whistleblowing Policy and its supporting mechanism is to enable individuals to raise genuine concerns without fear of reprisal. • Code of Conduct & Business Ethics (“CCBE”) The Group has clearly set out the standards of conduct and behavior expected from all Ranhill’s directors and employees in its business dealings within and with external parties. It sets out the basic guiding principles in upholding trust, integrity and high ethical standards and was developed in compliance with the relevant laws and regulations.
RkJQdWJsaXNoZXIy ODQxNzg=