Axiata Group Berhad - Annual Report 2016

GOVERNANCE

Axiata Group Berhad | Annual Report 2016

097

The implementation of risk management activities encompasses both

corporate and subsidiary (at Operating Company or “OpCo”) levels where

OpCos have similar risk structures within their jurisdiction. To ensure the

operationalisation of risk management processes and clear accountability at

the OpCo level, risk committees comprising of their Chief Executive Officer

(CEO) as Chair, and selected senior management members are set up in each

OpCo. At the same time, a risk focal person (“Risk Champion”) is appointed

to provide timely risk updates and act as the key liaison with GRMD. Events

which may materially impact the Group’s financial position and reputation will

be escalated to the GRMD for appropriate action. At the same time, the Risk

Champion would provide recommendation on the adoption of appropriate

mitigation steps and provide quarterly updates to their respective OpCo

BAC on the action taken. To further strengthen accountability at the

management level, the CEO or Chief Financial Officer (CFO) of each OpCo is

required to present their risk profile at the GRMC on a rotational basis. This

structure provides the Group with the necessary detailed knowledge from

OpCos, thus allowing the Board to have a comprehensive view of principal

risks and mitigation activities across the board and ensure accountability by

OpCos in managing their risks. As and when new OpCos are established,

GRMD will work closely with the new management team in the set-up of

the risk function.

The Group faces many risks and uncertainties which we mitigate and

manage through various risk management strategies, actions and controls.

These risks vary widely with some threatening our business model, future

performance and financial standing of the business. There may be risks that

are beyond the Group’s control, or presently unknown or currently assessed

as insignificant, which may later prove to be material. Nonetheless, we aim

to mitigate the exposures through appropriate risk management strategies

and internal controls as much as possible.

Principally, the Group’s key risk factors are categorised into the following

eleven categories:

•

Financial Risk

•

Market Risk

•

Regulatory Risk

•

Cyber Risk

•

Operational Risk

•

Geo Political Risk

•

Strategic Risk

•

Investment Risk

•

People Risk

•

Technology Risk

•

Governance and Integrity Risk

A write-up of the key risks faced by the Group are listed in Appendix 1 of

this statement.

The following key internal control structures are in place to assist the Board

to maintain a proper internal control system.

Key Internal Control Structures of the Group

1.0 Control Environment

The control environment sets the tone for the Group by providing

fundamental discipline and structure. Key elements of the Group’s

internal control systems include:

1.1 Integrity and Ethical Values

•

Code of Conduct and Practice

The Senior Management and Board set the tone at the

top for corporate behaviour and corporate governance. All

employees of the Group shall adhere to the policies and

guidelines as set out in the Code of Conduct of the Group

which sets out the principles to guide employees in carrying

out their duties and responsibilities to the highest standards

of personal and corporate integrity when dealing within the

Groupandwithexternalparties.TheGroup’sCodeofConduct

covers areas such as compliance with respect to local laws

and regulations, integrity, conduct in the workplace, business

conduct, protection of the Group’s assets, confidentiality,

conflict of interest and anti-competition practices. In 2016,

various initiatives including ongoing enforcement of the Gift

Policy, consequence management on violation of integrity

and values and Group Recognition Event to inculcate and

encourage the appropriate behaviours continued.

•

Guidelines on Misconduct and Discipline

Guidelines are in place for handling misconduct and

disciplinary matters. These guidelines govern the actions

to be taken in managing the misconduct of employees

who breach the Code of Conduct and Practice or do not

comply with the expressed and implied terms and conditions

of employment. The Code of Conduct and Practice has

also been extended to contractors and suppliers of the

subsidiaries.

1.2 Board Committees

(a) Board

Clear roles of the Board are stated under the Statement of

Corporate Governance section of this Annual Report.

(b) Board Committees

To promote corporate governance and transparency,

in addition to the Board, the Group has the BAC, Board

Nomination Committee (BNC) and Board Remuneration

Committee (BRC) collectively ‘Board Committees’ in place.

These Board Committees have been established to assist the

Board in overseeing internal control, Board effectiveness, and

nomination and remuneration of the Group’s key positions

and directors. The responsibilities and authority of the Board

and Board Committees are governed by a clearly defined

Terms of Reference (ToR).