Axiata Group Berhad | Sustainability & National Contribution Report 2016

INTRODUCTION

16

The Board Audit Committee (BAC), via the Axiata Group

Risk Management Committee (GRMC), has put in place a risk

management framework and process to identify, evaluate and

monitor principal risks, and implement appropriate internal control

processes and procedures to manage these risks across the

Group, excluding Associate Companies and joint ventures which

are not within the Group’s control.

The Group is committed to the continuous improvement of risk

management processes and ensures that the processes remain

relevant to the operating environment. The GRMC, which consists

of all the members of Axiata Group’s Senior Leadership Team

(SLT) and is chaired by the Axiata Group BAC Chairman, plays a

key role in driving Axiata’s ERM Framework. With the assistance

RISK

MANAGEMENT

• Maintains a sound system of risk management & internal controls

• Approves risk management policy and framework, governance structure and sets the risk appetite

• Receives, deliberates and endorses BAC reports on risk governance and internal controls

• Assists the Board in evaluating the adequacy of risk management & internal control framework

• Reviews and endorses the Group Risk Profile

• Receives and reviews reports from the Risk Committee and recommends them to the Board for approval

• Assists in identifying principal risks at Group level and provides assurance that the ERM is implemented

Group-wide

• Reviews and recommends frameworks and policies specifically to address enterprise risk inherent in all

business operations

• Promotes cross-functional sharing of risk information

• Monitors compliance to ERM Framework, regulatory requirements and status of action plans for both

Group and subsidiaries

• Coordinates and promotes risk management culture and implementation

• Establishes, formulates, recommends and manages sound and best practice ERM programme for Axiata

Group

• Inculcates risk awareness within the Group

• Assists Axiata OpCos and Business Units in establishing their internal risk policy and structures, including

the business continuity programme for the Group

• Identification and consolidation of risk matters

• Secretariat for the GRMC

• Consolidates risk reports from Axiata OpCos and Business Units for the GRMC’s review

• Encourages and recommends the adoption of mitigation actions where appropriate

• Primarily responsible for managing risks on a day-to-day basis

• Promote risk awareness within their operations and introduce risk management objectives into their

business and operations

• Coordinate with Axiata Group Risk Management Department on implementation of risk management

policy and practices

Board of Directors

Board Audit Committee

Group Risk Management

Committee

Group Risk Management

Department

Risk Focals at

Axiata CC and OpCos

Key parties within the Group’s Risk Governance Structure

of the Group Risk Management Department, the GRMC ensures

systematic implementation and monitoring of the effectiveness of

a risk management culture and processes across the Group.

Axiata’s risk management process is guided and principally

aligned to ISO31000:2009 where risk is managed to ensure the

achievement and implementation of strategic objectives. The

Group’s risk management process typically involves identifying

particular events or circumstances relevant to our objectives and

risk appetite, assessing them in terms of likelihood and magnitude

of impact, determining a response strategy, evaluating the

adequacy of existing controls, and monitoring the implementation

of the response. The objective is to protect and create value for

our key stakeholders.

The Board is responsible and accountable for maintaining the processes of risk management and

internal control practices to safeguard shareholders’ investments and the Group’s assets.