(b) Heightening risk awareness culture in the business processes through risk owners’ accountability and
sign-off for action plans and continuous monitoring.
(c) Compilation of the business units’ risk profiles in relation to the Group risk parameters, with the top risks from
each business segment reported to the RMC for review, deliberation and approval.
(d) Fostering a culture of continuous improvement in risk management through risk review meetings; and
providing a system to manage the central accumulation of risk profile data, with a risk significance rating for
the profiles as a tool for prioritising risk action plans.
The Board of Directors retains the overall risk management responsibility in accordance with Best Practice of the
Malaysian Institute of Corporate Governance, which requires the Board to identify principal risks and ensure the
implementation of appropriate systems to manage these risks.
[Figure: the Business Objectives Hierarchy (Vision; Strategic Objectives & Goals; Operational Goals & Target) aligned with the Organisation Hierarchy (Board (Executive Management); Divisions & SBU (Senior Management & Mid-Management); Operation/Functions (Executives & Staff)), with External Risks and Internal Risks as the Frame of Reference.]
The ERM framework adopted by the Group encompasses the risk assessment process, organisational oversight
and reporting function to instil the appropriate discipline and control around continuously improving risk
management capabilities. Risk assessment, monitoring and review of the various risks faced by the Group are
a continuous process within the key operating units with the RMC playing a pivotal oversight function.
The ERM assessment was conducted through a combination of workshops and interviews involving senior
management, and the key enterprise risks faced by the Group’s business units are then reported to the Audit
Committee on an annual basis. The workshops and interviews conducted have generated the following reports:
(a) Detailed Risk Register.
(b) Risk Parameters.
(c) ERM Report.
These reports were summarised as a risk profile and provide the basis for the following:
(a) Business action plans and improvement strategies.
(b) Developing cost effective control strategies.
(c) Prioritisation of areas for operational audit.