BIMB Integrated Annual Report 2017

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL • Board Risk Committee (“BRC”) The BRC is responsible to assist the Board on risk management and oversee the Management’s activities in managing significant risk areas and to ensure that the risk management framework is in place and functioning effectively. At the Management level, the BRC is supported by the Group Risk Management Committee (“ GRMC ”) to oversee the risk management matters relating to the Group risk management activities. The minutes of the BRC is escalated to the Board for information. The Terms of Reference is available on the Company’s website www.bimbholdings.com; About us – Corporate Governance – Board Committees – Board Risk Committee – Terms of Reference In respect of the key operating subsidiaries, in particular Bank Islam Malaysia Berhad (“ Bank Islam ”) and Syarikat Takaful Malaysia Berhad (“ Takaful Malaysia ”), the internal control oversight function is carried out by the respective subsidiaries’ BRC. At BIMB Securities Sdn Bhd (“ BIMB Securities ”), the risk management and internal control oversight function is carried out by its AEC. The risk management control structure and processes which have been instituted throughout the BHB Group are reviewed from time to time to cater for the changes in the business environment. BHB’s AEC and BRC together with the respective AEC/BRC at the key operating subsidiaries regularly reviews and monitors the Management’s approach and actions in addressing key risks at Company and subsidiaries level. It also provides the Board and the Management with the platform to anticipate and manage both the existing and potential risks, taking into consideration changing risk profile and risk appetite. This process has been in place and continued to be BHB Group’s practice for the financial year under review and up to the date of approval of this Statement for inclusion in this Integrated Annual Report. MANAGEMENT RESPONSIBILITY The Management is accountable for implementing the Board’s policies and procedures on risks and control and its roles includes but not limited to:- • Identify the risks relevant to the business, implementation of strategies and the achievement of its objectives; • Implement regular risk management reporting, monitoring and review as part of its risk management framework; • Identify changes to risks or emerging risks, take actions as appropriate, and promptly bring these to the attention of the Board; • Discuss the tolerance level for each of the operational business and ensuring that they are within accepted parameter by the relevant regulatory bodies; and • Report in a timely manner to the Board any changes to the risk and any corrective action taken. Assurance in relation to the above risk management and internal control are also obtained from the key operating subsidiaries confirming that their risk management and internal control are operating adequately and effectively, in all material aspects. Any material risk management and internal control deficiencies will be presented to the respective subsidiaries’ BRC/AEC and subsequently to the respective Board. 140 BIMB HOLDINGS BERHAD Integrated Annual Report 2017