CAHYA MATA SARAWAK ANNUAL REPORT 2016

www.cmsb .com.my Section 06 Governance Cahya Mata Sarawak Berhad 72 A Group Risk Committee (“GRC”) was established by the Board’s resolution passed on 27 March 2009 and in accordance with Articles of the Association, and is guided by the GRC’s Terms of Reference. The GRC comprises four (4) members, namely the Group Executive Director, Group Managing Director and any two (2) Directors, one (1) of which shall be an Independent Director. The primary responsibility of the GRC is to ensure the effectiveness of the risk management function at the CMSB Group level. GRC also has the responsibility of ensuring appropriate control measures are in place or being developed to mitigate significant risks identified and at the same time, ensuring compliance with applicable laws and regulations. The GRC meets at least once every quarter, reporting to the Board on risk related issues and recommending strategies, policies and risk tolerance for the Board’s information and approval as appropriate. TheGroup’s riskmanagement structure encompasses the whole organisation. 2. The Group Risk Management Unit Function The Group Risk Management Unit (“GRMU”) facilitates the implementation of the riskmanagement framework and processes at Headquarters and the respective Divisions. GRMU is also responsible to work closely with management to continuously review the risks on an ongoing basis so that these risks can be adequately identified, analysed, treated and reported by management on timely basis. Additionally, GRMU will conduct risk meetings on a quarterly basis with the respective Divisions’ risk coordinators and prepare a quarterly report detailing these reported risks together with the likelihood, impact, status of controls and mitigating measures which will then be submitted to the GRC for its review. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Background The Board of Directors of the Company (“Board”) is committed towards maintaining a sound system of risk management and internal control and is pleased to provide this Statement on Risk Management and Internal Control (the “Statement”) which outlines the scope and nature of risk management and internal control of Cahya Mata Sarawak Berhad (“CMSB”) for the financial year ended 31 December 2016. For the purpose of disclosure, this Statement is prepared pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad and is guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers. Roles & Responsibility The Board recognises its responsibilities and the importance of sound risk management practices and internal control, and for reviewing the adequacy and integrity of those systems. The Board has established procedures to implement the recommendations from “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. These procedures, which are subject to regular review, are intended to provide an ongoing process for identifying, evaluating and managing the significant risks faced by the Group. However, the Board recognises that such a system is a concerted and continuing process, designed to manage and reduce, rather than eliminate, the risks identified to acceptable levels. Therefore, the system of risk management and internal control implemented can only provide reasonable and not absolute assurance against the occurrence of any material misstatement or loss. The Board is of the view that the risk management and internal control system in place for the year under review and up to the date of approval of this Statement for inclusion into the annual report, is adequate and effective to safeguard the shareholders’ investment and the Group’s assets. Summarised below is a description of the key elements of the Group’s risk management and internal control system. 1. Risk Management Structure Risk management is regarded by the Board as an integral part of the business operations. Management at all levels have a collective responsibility for creating a risk-aware culture and ensuring that business risk assessment becomes an explicit part of both Headquarters and the Business Divisions’ (“Divisions”) decision making process. BOARD GRC GRMU Business Divisions Headquarters