The GRMC is assisted by the Group Risk Management Department (GRMD)
to monitor and ensure that the Group risk management practices are aligned
with the framework. The implementation of risk management activities
encompasses corporate and subsidiary (OpCo) levels. To ensure the
operationalisation of risk management processes and clear accountability
at the OpCo level, risk committees comprising of their CEO (as Chair) and
selected senior management members are set-up in each OpCo. At the
same time, a risk focal person (“Risk Champion”) is appointed to provide
timely risk updates and reports to the GRMD. Events which may materially
impact the Group’s financial position and reputation will be escalated to the
GRMD for appropriate action. At the same time, the Risk Champion would
provide recommendation on the adoption of appropriate mitigation steps
and provide quarterly updates to their respective OpCo BAC on the action
taken. There is a rolling programme where the CEO or CFO of each OpCo
is required to present their risk profile at the GRMC on a quarterly basis. As
and when new OpCos are established, GRMD will work closely with the new
management team in the set-up of the risk function.
The Group’s financial performance and operations are influenced by a vast
range of risk factors. These risks vary widely where some maybe beyond
the Group’s control. There may also be risks that are either presently
unknown or currently assessed as insignificant, which may later prove to be
material. However, we aim to mitigate the exposures through appropriate
risk management strategies and internal controls.
Principally, the Group’s key risk factors are categorised into the following
eleven categories:
•
Technology Risk
•
Regulatory Risk
•
Strategic Risk
•
Investment Risk
•
Geo Political Risk
•
Market Risk
•
Financial Risk
•
People Risk
•
Operational Risk
•
Cyber Risk
•
Governance & Integrity Risk
A write-up of the key risks faced by the Group are listed in Appendix 1 of
this statement.
The following key internal control structures are in place to assist the Board
to maintain a proper internal control system:
Key Internal Control Structures of the Group
1.0 Control Environment
The control environment sets the tone for the Group by providing
fundamental discipline and structure. Key elements of the Group’s
internal control systems include:
1.1 Integrity and Ethical Values
•
Code of Conduct and Practice
The Senior Management and Board set the tone at the
top for corporate behaviour and corporate governance. All
employees of the Group shall adhere to the policies and
guidelines as set out in the Code of Conduct of the Group
which sets out the principles to guide employees in carrying
out their duties and responsibilities to the highest standards
of personal and corporate integrity when dealing within the
Groupandwithexternalparties.TheGroup’sCodeofConduct
covers areas such as compliance with respect to local laws
and regulations, integrity, conduct in the workplace, business
conduct, protection of the Group’s assets, confidentiality,
conflict of interest and anti-competition practices. In 2015,
various initiatives such as workshops, Group Recognition
Event and refreshed gifts policy to inculcate and encourage
the appropriate behaviours continue on.
•
Guidelines on Misconduct and Discipline
Guidelines are in place for handling misconduct and
disciplinary matters. These guidelines govern the actions
to be taken in managing the misconduct of employees
who breach the Code of Conduct and Practice or do not
comply with the expressed and implied terms and conditions
of employment. The Code of Conduct and Practice has
also been extended to contractors and suppliers of the
subsidiaries.
1.2 Board Committees
(a) Board
Clear roles of the Board are stated under the Statement of
Corporate Governance section of this Annual Report.
(b) Board Committees
To promote corporate governance and transparency, in
addition to the Board, the Group has the BAC, BNC and
BRC (collectively ‘Board Committees’) in place. These Board
Committees have been established to assist the Board
in overseeing internal control, Board effectiveness, and
nomination and remuneration of the Group’s key positions
and directors. The responsibilities and authority of the Board
and Board Committees are governed by a clearly defined
ToR.
(c) BAC
The primary function of the BAC is to assist the Board in
fulfilling its statutory and fiduciary responsibilities. The BAC
will review the financial statements and financial reporting
process, the system of internal controls, management
of enterprise risk, the audit process and the process for
monitoring compliance with law and regulations including
Bursa Malaysia requirements and the company’s Code of
Conduct.
It has direct access to the internal and external auditors and
full discretion to invite any Director to attend its meetings.
Further details of the BAC are stated under the BAC Report
section of this Annual Report.
(d) BNC
Please refer to the Statement on Corporate Governance
section of this Annual Report.
axiata group berhad | annual report 2015
075
