Annual Report 2020

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL As part of our corporate governance and in line with best practices, AirAsia Group Berhad (“AAGB”) is committed to maintaining a comprehensive and robust risk management and internal control system. The Board of Directors (“the Board”) of AAGB is guided by the requirements set out within Paragraph 15.26 (b) of the Main Market Listing Requirements (“MMLR”) issued by Bursa Malaysia Securities Berhad as well as the Malaysian Code on Corporate Governance 2017 released by the Securities Commission Malaysia. The following statement outlines the nature and scope of the Group’s risk management framework and internal controls for the financial year ended 2020 (“Financial Year”). RESPONSIBILITIES OF THE BOARD The Board is committed to implementing and maintaining a robust risk management and internal control environment and is responsible for the system of risk management and internal control. The Board acknowledges that the risk management and internal control systems are designed to manage and minimise risks as it may not be possible to totally eliminate the occurrence of unforeseeable circumstances or losses. RISK MANAGEMENT COMMITTEE The Board has delegated the governance of Group risk to the Risk Management Committee (“RMC”). The RMC was established in the year 2018 and comprises four (4) Non-Executive Directors with a majority of Independent Directors. The RMC enables the Board to undertake and evaluate key areas of risk exposures. The primary responsibilities of the RMC are as follows: • To oversee and recommend the Enterprise Risk Management (“ERM”) strategies, frameworks and policies of the Group • To implement and maintain sound ERM frameworks, which identify, assess, manage and monitor the Group’s strategic, financial, operational and compliance risks • To implement and monitor a Business Continuity Plan (“BCP”) with procedures and systems to restore critical business functions in the event of unplanned disaster • To develop and inculcate a risk awareness culture within the Group In fulfilling its responsibilities in risk management, the RMC is assisted by the Risk Management Department (“RMD”). MANAGEMENT The Management team is responsible for ensuring that policies and procedures on risk and internal control are effectively implemented. The Management team is accountable for identifying and evaluating risks as well as achieving business goals and objectives within the risk appetite parameters approved by the Board. RISK MANAGEMENT DEPARTMENT The Risk Management framework is coordinated by the RMD in accordance with ISO 31000 and ISO 22301 standards. The RMD develops risk policies, sets minimum standards, provides guidance on risk related matters, coordinates risk management activities with other departments, as well as monitors the Group’s risks. The RMD’s principal roles and responsibilities are as follows: • Review and update risk management methodologies, specifically those related to identification, measuring, controlling, monitoring and reporting of risks • Provide risk management training and workshops • Review risk profiles and mitigation plans of departments • Identify and inform the RMC and Management of critical risks faced by the Group • Monitor action plans for managing critical risks STATEMENTONRISKMANAGEMENT& INTERNALCONTROL 151 ANNUAL REPORT 2020