STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
Board’s Responsibility
The Board is responsible and accountable for maintaining a sound process of
risk management and internal control practices to safeguard shareholders’
investments and the Group’s assets. Such process covers not only
financial control but also operational and compliance controls. In view of
the limitations inherent in any process, the risk management and internal
control processes and procedures put in place can only manage risks within
tolerable levels, rather than eliminate the risk of failure to achieve the Group’s
business objectives.
The BAC assists the Board in evaluating the adequacy of risk management
and internal control framework. The BAC, via the Axiata Group Risk
Management Committee (GRMC), has put in place a systematic risk
management framework and process to identify, evaluate and monitor
principal risks; and implement appropriate internal control processes and
procedures to manage these risks across the Group, excluding associate
companies and joint ventures which are not within the Group’s control.
Following the written assurance from the President & GCEO and GCFO, that
the Group’s risk management processes and internal controls are operating
effectively, the Board is of the view that the process of risk management
and internal control processes in place for the year under review and up to
the date of issuance of the financial statements is sound and sufficient to
safeguard shareholders’ investments and the Group’s assets.
Risk Management and Internal Control Framework
1.
Axiata Enterprise Risk Management Framework
The Group adopts the Axiata Enterprise Risk Management (ERM)
Framework as a standardised approach to rigorously identify, assess,
report andmonitor risks facing theGroup. The framework, benchmarked
against ISO31000:2009 is adopted by all risk management teams
across all subsidiaries. It stresses the importance of balancing between
risk and reward in making strategic business decisions, a tool in
managing both existing and potential risks with the objective of
protecting key stakeholders’ interests, and compliance with statutory
and legal requirements. Risks are considered in the development of
our business decisions to provide assurance to the Board and relevant
stakeholders on the adequacy and effectiveness of risk management.
2.
Risk Governance Structure
The Board via the BAC has assigned the Group’s risk oversight function
to the GRMC, which consists of all the members of Axiata Group
Senior Leadership Team (SLT), chaired by the Axiata Group BAC
Chairman. The GRMC is primarily responsible for driving Axiata’s ERM
Framework, ensuring systematic implementation of risk management
and monitoring of risks across the Group. The effectiveness of risk
Pursuant to Paragraph 15.26(b) of the Main LR of Bursa Securities, the Board of Directors
of listed issuers is required to include in their annual report, a ‘statement about the state
of risk management and internal controls of the listed issuer as a group’. Accordingly, the
Board is pleased to provide the following statement that was prepared in accordance
with the ‘Statement of Risk Management and Internal Control: Guidelines for Directors of
Listed Issuers’ as endorsed by Bursa Securities, which outlines the nature and scope of risk
management and internal control of the Group during the financial year under review.
• Maintaining a sound system of risk management &
internal controls
• Approves risk management policy and framework,
governance structure and sets the risk appetite
• Receives, deliberate and endorses BAC reports on risk
governance and internal controls
Board of
Directors
• Assist the Board in evaluating the adequacy of risk
management & internal control framework
• Reviews and endorses the Group Risk Profile
• Receives and reviews reports from the Risk Committee
and recommend them to the Board for approval
Board Audit
Committee
• Assist in identifying principal risks at Group level and
providing assurance that the ERM is implemented
group-wide
• Review and recommend frameworks and policies
specifically to address enterprise risk inherent in all
business operations
• Promote cross-functional sharing of risk information
• Monitor compliance to ERM Framework, regulatory
requirements and status of action plans for both Group
and subsidiaries
• Coordinate and promote risk management culture and
implementation
Group Risk
Management
Committee
• Establish, formulate, recommend and manage sound
and best practice ERM program for Axiata Group
• Inculcate risk awareness within the Group
• Assist Axiata OpCos and Business Units in establishing
their internal risk policy and structures, including
business continuity programme for the Group
• Indentification and consolidation of risk matters
• Secretariat for the GRMC
• Consolidated risk reports from Axiata OpCos and
Business Units for the GRMC’s review
• Encourages & recommend the adoption of mitigation
actions where appropriate
Group Risk
Management
Department
• Primarily responsible for managing risks on a day-to-
day basis
• Promoting risk awareness within their operations
and introduce risk management objectives into their
business and operations
• Coordinate with Axiata Group Risk Management
Department on Implementation of risk management
policy and practices
Risk Focals at
Axiata CC and
Opcos
management policies and processes is reviewed on a regular basis
and where necessary, improved. The following depicts the key parties
within the Group’s Risk Governance Structure and their principal risk
management roles and responsibilities:
axiata group berhad | annual report 2015
074
