FGV Annual Report 2020

230 FGV HOLDINGS BERHAD Annual Integrated Report 2020 Statement On Risk Management And Internal Control How We Approach Risk The achievement of the strategies enshrined in the strategic plan requires a strong risk-centric approach to ensure the Group is always aware and prepared for the myriad risks faced by the business. This is underpinned by our robust internal controls and oversight framework, which are necessary prerequisites to the achievement of the Group’s objectives. Overview of Our Approach Effective risk management is an integral part of our business model and is intended to seek opportunities from the risks, lessen the potential impacts in the event risks are crystallised and protect our reputation, while ensuring profitability and business growth remain paramount. The matrix for oversight, assurance, risk management and internal control is clearly set up in FGV. Our risk management oversight approach is premised on the four lines of defence model, coordinating the various players involved and their activities to effectively inculcate sound risk culture. Responsibilities and Accountabilities The Board acknowledges the principal risks in all aspects of the Group’s businesses and recognises that business decisions involve taking appropriate risks. The Board ensures that there are systems in place that effectively monitor and manage these risks. For areas pertaining to risk management and internal control, the Board is responsible for the following: i. Determining the Group’s overall risk appetite and level of risk tolerance and actively identifying, assessing and monitoring key business risks to safeguard shareholders’ investments and the Group’s assets, and communicating the same to the Senior Management. ii. Appraising the Group’s major current and emerging risks and ensuring that appropriate risk management and internal control procedures are in place. iii. Considering and approving the Group’s overall risk-reward strategy and framework for managing all categories of current and emerging risks relevant to the sustainability of the Group’s businesses and the well-being of the Group and its stakeholders, consistent with its level of risk tolerance. iv. Ensuring proper implementation and review the Group’s internal controls system, which is continually upgraded to mitigate the Group’s current and emerging risks. GROUP MANAGEMENT COMMITTEE & SENIOR MANAGEMENT BOARD AND BOARD COMMITTEES MANAGE OVERSEE ASSURANCE EXTERNAL ASSURANCE First line of defence - Functions that own and manage risks Business Clusters Policies and Standard Operating Procedures Second line of defence - Functions that oversee risks, control and compliance Group Governance & Risk Management Division Other Corporate Centres Third line of defence - Internal functions that provide independent assurance Group Internal Audit Fourth line of defence - setting requirements and/ or performing independent assurance External Auditors Regulators Other External Bodies