CAHYA MATA SARAWAK ANNUAL REPORT 2016

A N N U A L R E P O R T 2 0 1 6 Section 06 Governance 73 Cahya Mata Sarawak Berhad GRMU also conducts regular risk awareness and coaching sessions to ensure that the Group’s employees have a good understanding and application of risk management principles. 3. Risk Management Framework & Policy TheGroup’s riskmanagement framework is constantly monitored and reviewed to ensure that risks and controls are updated to reflect the current situation and ensure continued relevance. Management views seriously andwill take necessary actions to ensure that the Group is always alert to the changing business environment and any situation that might affect the Group’s assets, operations, income and reputation. The Group’s policy is to create a consistent consideration between risks and rewards in the business planning, execution and daily operations in order to achieve the Group’s goals. CMSB Group’s Risk Management process can generally be summarised as follows: a) Identification Risks are defined as any event which may have an impact upon its business objectives. On a quarterly basis, the respective risk owners will review and update their risk profile during their management meeting. The risk owners will also use the platform to review the control and management actions for each of the identified risks. The main underlying principles of the risk policy are: • Informed risk management is an essential element of a corporate strategy. • Effective risk management provides greater assurance that the Group’s strategy and business objectives will be achieved without major surprises. • Each Business Division is responsible for managing risks that can impact the achievement of their business objectives. • Integrate risk management into business activities and decision-making processes at all levels. • All significant risks are to be identified, analysed, prioritised, mitigated, monitored, and reported on a timely basis. 4. Risk Management Process The Group’s risk management process is a systematic procedure and practice which consists of risk identification, analysis, treatment, monitoring and reporting as depicted in the diagram below: Notwithstanding the quarterly risk reporting framework, as and when necessary each risk owner shall report any material risks that may be arising or have arisen on a timely basis. b) Analysis Riskismeasuredintermsof probabilityandimpact depending on the likelihood of occurrence and relative significance of the impact. The Group adopts a 5 x 5 matrix in measuring the risks, and hence responds appropriately to mitigate/ protect the Group from loss, uncertainty and loss of business opportunities. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT PROCESS Reporting Analysis Identification Monitoring Treatment