Axiata Group Berhad | Annual Report 2016
GOVERNANCE
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
Pursuant to Paragraph 15.26(b) of the Main Listing Requirements (LR) of Bursa Malaysia Securities Berhad (Bursa
Securities), the Board of Directors of listed issuers is required to include in their annual report, a ‘statement about the
state of risk management and internal controls of the listed issuer as a group’. Accordingly, the Board is pleased to
provide the following statement that was prepared in accordance with the ‘Statement of Risk Management and Internal
Control: Guidelines for Directors of Listed Issuers’ as endorsed by Bursa Securities, which outlines the nature and scope
of risk management and internal control of the Group during the financial year under review.
Board’s Responsibility
The Board is responsible and accountable for
maintaining sound processes of risk management
and internal control practices to safeguard
shareholders’ investments and the Group’s
assets. Such processes cover not only financial
control but also operational and compliance
controls. In view of the limitations inherent in
any process, the risk management and internal
control processes and procedures put in place
can only manage risks within tolerable levels,
rather than eliminate the risk of failure to achieve
the Group’s business objectives.
The Board Audit Committee (BAC) assists
the Board in evaluating the adequacy of risk
management and internal control framework.
The BAC, via the Axiata Group Risk Management
Committee (GRMC), has put in place a systematic
risk management framework and process to
identify, evaluate and monitor principal risks; and
implement appropriate internal control processes
and procedures to manage these risks across the
Group, excluding Associate Companies and joint
ventures which are not within the Group’s control.
Following the written assurance from the
President and Group Chief Executive Officer
(GCEO) and Group Chief Financial Officer (GCFO),
that the Group’s risk management processes and
internal controls are operating effectively, the
Board is of the view that processes covering risk
management and internal control in place for the
year under review and up to the date of issuance
of the financial statements are sound and sufficient
to safeguard shareholders’ investments and the
Group’s assets.
Risk Management and Internal Control Framework
1. Axiata Enterprise Risk Management Framework
The Group adopts the Axiata Enterprise
Risk Management (ERM) Framework
as a standardised approach for timely
identification, reporting and management of
principal risks and ensures implementation,
tracking and review of effectiveness of
mitigation actions for the risks identified.
The framework, benchmarked against ISO31000:2009, is adopted by all risk management teams
across the subsidiaries. It stresses the importance of balancing between risk
and reward in making strategic business decisions, a tool in managing both existing and potential
risks with the objective of protecting key stakeholders’ interests, and compliance with statutory
and legal requirements. At the same time, the framework promotes an effective risk culture whilst
embedding risk management in our daily business decisions.
2. Risk Governance Structure
The Group is committed towards continuous improvement of risk management processes and
ensures that the processes remain relevant to the operating environment. The GRMC, which
consists of all the members of Axiata Group Senior Leadership Team (SLT) and is chaired by the
Axiata Group BAC Chairman, plays a key role in driving Axiata’s ERM Framework. With the assistance
of the Group Risk Management Department (GRMD), they ensure systematic implementation and
monitoring of the effectiveness of risk management culture and processes across the Group.
The committee meets on a quarterly basis to review existing, new and evolving risks and, where
necessary, evaluate effectiveness of mitigation plans and improve existing risk practices.
The following depicts the key parties within the Group’s Risk Governance Structure and
their principal risk management roles and responsibilities:
Board of Directors
• Maintaining a sound system of risk management & internal controls
• Approves risk management policy and framework, governance structure and sets the risk appetite
• Receives, deliberates on and endorses BAC reports on risk governance and internal controls
Board Audit Committee
• Assist the Board in evaluating the adequacy of risk management & internal control framework
• Reviews and endorses the Group Risk Profile
• Receives and reviews reports from the Risk Committee and recommends them to the Board for approval
Group Risk Management Committee
• Assist in identifying principal risks at Group level and providing assurance that the ERM is implemented group-wide
• Review and recommend frameworks and policies specifically to address enterprise risk inherent in all business operations
• Promote cross-functional sharing of risk information
• Monitor compliance to ERM Framework, regulatory requirements and status of action plans for both Group and subsidiaries
• Coordinate and promote risk management culture and implementation
Group Risk Management Department
• Establish, formulate, recommend and manage sound and best practice ERM program for Axiata Group
• Inculcate risk awareness within the Group
• Assist Axiata OpCos and Business Units in establishing their internal risk policy and structures, including business continuity programme for the Group
• Identification and consolidation of risk matters
• Secretariat for the GRMC
• Consolidated risk reports from Axiata OpCos and Business Units for the GRMC’s review
• Encourages and recommends the adoption of mitigation actions where appropriate
Risk Focals at Axiata CC and OpCos
• Primarily responsible for managing risks on a day-to-day basis
• Promoting risk awareness within their operations and introducing risk management objectives into their business and operations
• Coordinate with Axiata Group Risk Management Department on implementation of risk management policy and practices