BIMB Integrated Annual Report 2017

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL • Risk Appetite The BRC, through the Group’s key operating subsidiaries establish the risk appetite and risk tolerance for the relevant entities. The defined risk appetite and risk tolerance are periodically reviewed by the respective Management and the respective Board in line with the Group’s business strategies and operating environment. Such review includes identifying and setting new risk appetite metrics for business entity or removal of risk appetite metrics that are no longer applicable as well as updates on the risk appetite thresholds to be in line with the Group’s business strategy and risk posture. The main risk inherent to the business and operations that were considered in the risk appetite review include regulatory compliance risk, credit risk, market and liquidity. • Audit and Examination Committee (“AEC”) The AEC of BHB reviews the adequacy of internal controls within the company based on the assessment performed by the internal auditors. Similarly the AEC of the key operating subsidiaries reviews relevant matters pertaining to its internal accounting controls on quarterly basis. In addition, the AEC of BHB and its key operating subsidiaries also review and assess the adequacy of the scope and effectiveness of the internal and external audit functions. For the external auditors, the AEC assess their independence and the quality of their resources. All significant findings by the internal auditors, external auditors and regulators are reported to the AEC for review and deliberation. The AEC reviews and ascertains that mitigation plans are implemented by Management to safeguard the interests of the Group and upkeep proper governance. The risk responses and internal controls that the Management has initiated are documented and recorded in the AEC meeting minutes. Pursuant to Paragraph 15.17(f) of the Listing Requirements of Bursa Malaysia Securities Berhad, two (2) separate meetings with the external auditors were conducted with the AEC of BHB without the presence of any Management of the Company, to discuss on any issues relating to BHB Group during the financial year ended 31 December 2017. • Board Risk Committee (“BRC”) The Group BRC is kept informed by its subsidiaries on their risk management policy statement and framework including the strategies, policies, the risk tolerance levels, governance and reporting structure. At the key operating subsidiaries level, reviews and assessments were carried out on the adequacy of the risk management policies and framework in identifying, measuring, monitoring and controlling risks and the extent to which these risks are effectively managed. In addition, they would also review the adequacy of relevant policies at the subsidiaries in meeting the relevant regulatory requirements including capital plan, dividend policy, investment and financing policy, single customer limit, business continuity plan, etc. • Group Risk Management Committee (“GRMC”) The GRMC has been established to identify and review the key risk areas of BHB Group. It ensures that an appropriate risk management system and internal controls are in place and functioning effectively. The GRMC is also responsible for assessing the adequacy of infrastructure, resources and systems for effective risk management, and where necessary to embark on the Group’s initiative to share facilities, mobilise resources, etc. In addition, the GRMC reviews the subsidiaries risk management periodic reports presented by the key operating subsidiaries on risk exposure, risk portfolio composition and risk management activities six (6) times a year. The GRMC is chaired by the Group Chief Strategy Officer and the members consist of the Group Chief Financial Officer of BHB together with the Risk Officer of the key operating subsidiaries. 142 BIMB HOLDINGS BERHAD Integrated Annual Report 2017