FGV Annual Integrated Report 2022

Shaped By High Standards Of Governance 162 FGV HOLDINGS BERHAD

HOW RISKS ARE MANAGED

FGV employs a comprehensive risk management process that encompasses two key aspects: identifying the Group’s key risks and providing reasonable assurance in managing those risks within its risk appetite. The process is underpinned by ISO 31000 Risk Management Standards and overseen by the BGRMC. The BGRMC ensures that a strong risk culture is embedded within the Group and reviews the Group’s key risks, progress and mitigation measures.

The Group Governance & Risk Management Division (GGRM) is responsible for the risk management policy and framework, providing support to both the Board and Management in implementing a risk awareness culture, methodology, tools and skills necessary for risk oversight.

The Risk Management Framework involves a top-down approach to identifying the Group’s key risks and a bottom-up approach to identifying operational risks. Key risks of key businesses are reported quarterly to the respective Sector Risk Committees for deliberation and guidance before they are selected for further escalation to the RMC and the BGRMC to ensure they are within acceptable levels and aligned with the Group’s strategic objectives and risk appetite. The RMC also periodically performs deep-dive reviews to support relevant strategic topics on its agenda.

With respect to climate risks, FGV supports the Task Force on Climate-related Financial Disclosures (TCFD) recommendations and discloses its management of climate-related risks and opportunities through its Sustainability Framework. The Group considers climate change’s impact on its strategy and operations and learns more about the specific impacts it might face while employing adequate mitigation measures.
Statement on Risk Management and Internal Control

RISK MANAGEMENT FRAMEWORK

The key objective of the Risk Management Framework is to support the achievement of FGV’s strategic goals by driving clarity and proactive behaviour, which allow us to:

• Understand the risk landscape and evaluate the specific risks and potential exposures.
• Decide on the most suitable approach to address these risks to mitigate overall potential exposures.
• Employ appropriate methods to manage the identified risks.
• Monitor and seek assurance on the effectiveness of the risk management methods, and take corrective action where necessary.
• Report to the Management and Board periodically on how significant risks are being addressed, monitored, assured and mitigated.

PROCESS

Monitoring and Review
The monitoring and review process tracks the current status of the risk profile, detects changes in the risk context and ensures that the controls are adequate in both design and operation.

Phase 1: ESTABLISH CONTEXT
Establish the strategic, organisational and risk management process context by considering the environment within which the risks are present.

Phase 2: RISK IDENTIFICATION
Identify uncertainty arising from risk events that may impact the achievement of objectives, which form the basis for further analysis.

Phase 3: RISK ANALYSIS
Assess risks in terms of impact and probability, and plot them on the FGV risk matrix to derive a prioritised list of risks for further action.

Phase 4: RISK EVALUATION
Establish an understanding of the risks by considering the relationships between the causes, risks and effects and thus enable the evaluation of key risk mitigations.

Phase 5: RISK TREATMENT
Identify controls and responses to manage inherent risks to an acceptable residual risk level.

RISK REPORTING
Communicate and consult with internal and external stakeholders, as appropriate, at each stage of the risk management process.
RISK ASSESSMENT

More information on the BGRMC and the AC can be found in the Corporate Governance Overview Statement on pages 147-155.
