CAHYA MATA SARAWAK ANNUAL REPORT 2016

A N N U A L R E P O R T 2 0 1 6 Section 06 Governance 75 Cahya Mata Sarawak Berhad STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL The principal risks of CMSB are summarised as follows: (i) Operational Risk The Group’s operational risks are mainly within its core businesses and competencies to manage. Operational risk management ranges from managing inherent operational risks (such as severe weather conditions) to managing controllable day-to-day operational risks (such as shortage of raw materials/manpower etc.) The management of the Group’s day-to-day operational risks (such as those relating to health and safety, quality, production, marketing and distribution, and statutory compliance) are mainly decentralisedat thebusiness unit level andguided by approved standard operating procedures and business continuity plans. (ii) Financial Risk As with other industry players operating in a similar business environment, the Group is similarly exposed to various financial risks relating to credit, liquidity, interest rate and foreign currency exchange rates etc. The Group seeks to limit these risks through, among others, assessing the creditworthiness of customers, close monitoring of collections and overdue debts, formulating necessary hedging strategies and by implementing effective and prudent utilisation of its financial resources to keep the gearing and cash balances at an acceptable level. A more detailed disclosure on the Group’s financial risk management is contained in Section 7, Note 41 to the financial statements “Financial Risk Management Objectives and Policies”. (iii) Strategic Risk Strategic risk is defined as the uncertainties and untapped opportunities embedded in the strategic intent and howwell they are executed. To ensure that the Strategic Risk is properlymanaged, the Group has put in place proper processes such as yearly directors’ and management retreats and conducting relevant strategic reviews/meetings to ensure corporate strategies are properly aligned, managed and reviewed throughout the Group. 5. Key Risk Management Activities a) Risk Review for the Financial Year A review on the adequacy and effectiveness of the risk management and internal control system has been undertaken for the financial year under review. The Divisions, comprising their senior management, as well as their executives, carried out the following areas of work: • Conducted reviews and updates of risk profiles including emerging risks and re- rated principal risks; • Evaluated the adequacy of key processes, systems and internal controls in relation to the rated principal risks, and established strategic responses and management actions to manage the aforementioned and/ or eliminate any gaps; and • Reviewed implementation progress of management actions and evaluated post- implementation effectiveness. b) Implementation of Project Risk Scorecard As part of the Group’s commitment to be a more vigilant organisation, management has embarked on the initiative to establish a project risk management framework to manage the Group’s project risks. A Project Risk Scorecard (“PRS”) system has been developed which is to be used for all strategic investments, as well as certain “High threshold” contracts in the ordinary course of business undertaken by the Group. Under this PRS system, the relevant project owners/managers are required to identify the project risks to evaluate the feasibility of the project and present them to GRC and/or their respective Board before the project is formally approved. Subsequently, the project manager will need to monitor the risks and provide periodic updates from time to time. c) Automation of Risk Management Reporting Process By leveraging on the current technological advancements, the Group has engaged an external consultant to conduct a review on the current risk management system and to assist in enhancing the current system; one of which is to introduce an electronic-based risk management framework, with the aim to enhance the efficiency of the risk management process. This system provides an online platform for top management and users to review, update and monitor the risks at all times.