Fima Corporation Berhad
(21185-P)
sustainability & governance
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
• enable systematic risk review and reporting on key risks, existing control measures and any proposed action plans; and
• create a risk-aware culture and build the necessary knowledge for risk management at every level of Management.
In line with the achievement of the above objectives, the RMC has undertaken the following:
• formalized the risk management policy and procedures and adopted a structured and systematic risk assessment, monitoring and reporting framework;
• heightened the risk awareness culture in the business processes through risk owners’ accountability and sign-off for action plans and continuous monitoring;
• compiled the business units’ risk profiles in relation to the Group risk parameters and the top risks from each business segment, and reported them to the Audit Committee for review, deliberation and approval; and
• fostered a culture of continuous improvement in risk management through risk review meetings, and provided a system to manage the central accumulation of risk profiles data, with a risk significance rating for the profiles as a tool for prioritizing risk action plans.
The Group has in place the necessary risk infrastructure encompassing the risk assessment process, organizational oversight and
reporting functions to instill the appropriate discipline and control. Risk assessment, monitoring and review of the various risks faced
by the Group are a continuous process within the key operating units with the RMC playing a pivotal oversight function. The RMC
convenes on an annual basis to review the key risk profiles and submit a summary report to the Audit Committee.
The Board of Directors retains the overall risk management responsibility in accordance with Best Practice of the Malaysian Institute
of Corporate Governance, which requires the Board to identify principal risks and ensure the implementation of appropriate systems
to manage these risks.
[Figure: Organisation Hierarchy aligned with Business Objectives Hierarchy. Organisation levels: Board (Executive Management); Divisions & SBU (Senior Management & Mid-Management); Operation/Functions (Executives & Staff). Business objectives levels: Vision; Strategic Objectives & Goals; Operational Goals & Targets. Other labels: External Risks; Internal Risks; Frame of Reference.]
The ERM framework adopted by the Group encompasses the risk assessment process, organisational oversight and reporting
function to instill the appropriate discipline and control around continuously improving risk management capabilities. Risk assessment,
monitoring and review of the various risks faced by the Group are a continuous process within the key operating units with the RMC
playing a pivotal oversight function.