Axiata Group Berhad | Annual Report 2016

GOVERNANCE

The risk identification process, which is done on an ongoing basis, entails scanning all key factors within Axiata’s business context from an ‘outside-in’ perspective, i.e. from macro-environment (external) to industry and internal risks. Risks are generally classified into distinct categories, i.e. strategic, financial, operational and compliance, representing the challenges to the Group’s business operations, as depicted below:

[Figure: risk categories (Strategic, Operational, Financial, Compliance) across three layers. Macro Environment: Technology, Environment, Regulatory, Economy, Social, Geo Political. Industry: Substitutes, Competitors, Vendors, Customers, Supply Chain. Internal: Strategy, Governance, Financial, People, Operations.]

Risk information and treatment plans are captured and updated into a risk register which is maintained by the respective OpCos and the Group. The information is then consolidated to provide an enterprise overview of material risks faced by the Group and the associated risk mitigation plans, which are tracked and reviewed from time to time.

Control Self-Assessment (CSA)

CSA is an effective process used by the Group for improving business internal controls and processes. It allows employees of the Group to identify the risks involved in achieving the business objectives, to evaluate the adequacy and effectiveness of the controls in place and activities designed to manage those risks. CSA was performed on selected areas in XL and Robi in 2016.

3.0 Control Activities

Control activities are the policies, procedures and practices that ensure management objectives are achieved and risk mitigation strategies are carried out. Key activities within the Group are as follows:

3.1 Policies and Procedures

Financial and Operational Policies and Procedures

The Group currently maintains two policies, i.e. Limits of Authority (LoA) and Group Policies encompassing both the Group and OpCo levels, which set the framework for the development of the respective procedures covering financials and controls. The documented procedures include management accounting, financial reporting, procurement, information systems security, compliance, risk management and business continuity management.

Internal control is embedded into these policies to ensure consistent application throughout the Group. This serves as a preventive control mechanism whilst allowing the Group to promptly identify and respond to any significant control failures.

Budgeting Process

A comprehensive annual budgeting process is in place to evaluate the feasibility and viability of the Group’s businesses and to ensure that the Group’s OpCos’ business plans are in line with the Group’s future strategic plans. Annual budgets are prepared by the OpCos and deliberated with their respective Boards. They are then presented and discussed during the Axiata Board Retreat for approval before the commencement of a new financial year.

Upon approval of the budget, the Group’s performance is periodically monitored and measured against the approved budget and ongoing business forecast, which is cleared by the President and GCEO and supported by the SLT. The Group’s performance is also reported to the BAC and the Board.

Reporting systems which highlight significant variances against the plan are in place to track and monitor performance. The results are reviewed on a quarterly basis by the Board to enable them to gauge the Group’s overall performance, compared to the approved budget and prior periods, and to take remedial action where necessary. Similar performance reviews at OpCos’ Board level take place on a monthly or quarterly basis.

Whistleblower Policy and Procedures

The Group has a Whistleblower Policy which enables employees to raise matters in an independent and unbiased manner. As part of this Whistleblower Policy and procedures, there is an anonymous ethics and fraud e-mail, under the administration of the Group Chief Internal Auditor (GCIA), as a mechanism for internal and external parties to channel their complaints or to provide information in confidence on fraud, corruption, dishonest practices or other similar matters by employees of the Group. The objective of such an arrangement is to encourage the reporting of such matters in good faith, with the confidence that employees or any parties making such reports will be treated fairly, that their identity will remain anonymous and that they will be protected from reprisal.

Insurance and Physical Safeguard

The Group maintains an insurance programme to ensure that its assets and businesses are sufficiently covered against any damage that will result in material losses. At the same time, we also ensure that our major assets are physically safeguarded and review the adequacy and type of insurance cover at regular intervals to ensure alignment against the Group’s risk exposure and appetite.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL