GROUP INTERNAL AUDIT DEPARTMENT

The GIAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk management and governance processes implemented by Management. It integrates a risk-based approach in determining the auditable areas and frequency of audits. The annual audit plan for the Group is reviewed and approved by the AC. GIAD is guided by its Internal Audit Charter that provides independence and reflects the roles, responsibilities, accountability and scope of work of the department.

For any significant gaps identified in the governance processes, risk management processes and controls during the engagements, GIAD provides recommendations to Management to improve the design and effectiveness of controls where applicable. The GIAD’s functions are disclosed in the AC Report on pages 174 to 177 of this Annual Report.

ENTERPRISE RISK MANAGEMENT FRAMEWORK

The ERM framework standardises the process of identifying, evaluating and managing risks faced by the Group for the Financial Year.
The ERM framework covers the following key features:

• Roles and responsibilities of the Board, RMC, RMD, Management and departments
• Guidance on risk management processes and associated methodologies and tools
• Guidance on risk register and controls assessments
• Guidance on business impact analyses

The Group has established a structured process for risk management and reporting within the ERM framework as follows:

• The first line of defence is provided by Management and departments which are accountable for identifying and evaluating risks under their respective areas of responsibilities
• The second line of defence is provided by the RMD and RMC which are responsible for facilitating and monitoring risk management processes and reporting
• The third line of defence is provided by the GIAD which provides assurance on the effectiveness of the ERM framework

A key component of the ERM framework is Business Continuity Management and the Group has established business continuity plans which enable it to respond effectively in the event of a crisis and to prevent significant disruption to operations.

RISK MANAGEMENT INITIATIVES IN 2021

During the Financial Year, the RMD focused on strengthening the structure and documentation for ERM across the Group, increasing Management participation in risk management, providing robust risk management education and awareness, and completing targeted business impact analyses and recovery plans testing. This was done through the implementation of the Red Radar Risk Management System that enables a systematic approach in managing risks across the Group.

A key initiative was the formation of a Management level risk committee (“MRC”) to increase participation by Management in risk management processes. The MRC is tasked with reviewing the Group’s key risks prior to submission to the RMC every quarter.
The RMD also identified and established Crisis Management Teams across the Group to respond to business continuity events and conducted BCP exercises for key systems, functions and stations to minimise significant operational disruptions in the event of a crisis across the Group.

CORPORATE GOVERNANCE ANNUAL REPORT 2021 179