FGV Annual Integrated Report 2024

KEY ELEMENTS OF EMBEDDING RISK INTO OPERATION

1. Risk Ownership and Accountability
Heads of Divisions and Chief Executive Officers across the Group are responsible for implementing risk management and business continuity management within their respective areas. They are supported by appointed Risk Champions, who also serve as focal points with Group Risk Management Division (GRMD).

2. Risk Appetite and Tolerance
FGV’s Risk Appetite Statement (RAS) defines acceptable risk levels, balancing risk and reward to support sustainable growth. Divisional RASs have been introduced to align operational risks with the Group RAS, enabling tailored risk management based on the unique needs of each division.

3. Operational Risk Assessment
End-to-end operational risk assessment including risk analysis along with respective key risk indicators as well as recording and reporting via the Enterprise Risk Management System (ERMS). Risk registers are reviewed and updated on a quarterly basis, with key risks escalated to Management and the Board.

4. Project Risk Assessment
Active risk assessments are incorporated in investment proposals, project evaluations and tender submissions to ensure associated risks are proactively identified and managed. Proposal and tender owners are required to include a risk assessment section of which the preparation is facilitated or reviewed by GRMD for endorsement by the steering committee and the Board.

5. Business Continuity and Crisis Management
Business Continuity Management (BCM) programme includes the execution and management of disruptive incidents and crises occurrences, supported by the Crisis Management Committee (CMC). The launch of the digital BCM System enhances resilience through streamlined recovery plans, document management, and communication protocols.

6. Risk Culture
A risk-aware culture is fostered through continuous engagement, awareness, and training sessions, organised and facilitated by GRMD across the Group. To enhance competencies, the Group has developed a Competency Framework for Risk, BCM, and Governance Champions, supporting capability development. Various risk and BCM activities, including awareness programmes, training sessions, periodic reviews of the risk register and business continuity plan, and incident management, strengthen FGV’s ability to manage risks effectively. These efforts align with FGV’s Risk Management policy and best practices, ensuring a proactive and structured approach across the organisation.

The diagram below shows FGV’s risk management oversight matrix.

[Figure: risk management oversight matrix. Labels: Board and Board Committees; Group Management Committee, Risk Management Committee and Senior Management; Business Units; Group Risk Management Division; Policies and Standard Operating Procedures; Other Corporate Centres; Group Internal Audit; External Auditors; Regulators; Other External Bodies. Functions: Manage, Oversee, Assurance, External Assurance.]

First line of defense – Owns and manages risks
Second line of defense – Oversees risks, control and compliance
Third line of defense – Provides independent assurance
Fourth line of defense – Setting requirements and/or performing independent assurance

RESPONSIBILITIES AND ACCOUNTABILITIES

The Board assumes overall responsibility for FGV’s risk management and internal control systems and is supported by the Board Governance & Risk Management Committees (BGRMC), which provides oversight on risk-related matters. GRMD, headed by the Officer in Charge (OIC), plays a pivotal role in developing, executing, and monitoring risk management strategies in collaboration with key stakeholders, including business units, subsidiaries, and functional divisions.

The Risk Management Committee (RMC) oversees the assessment and deliberation of the Group’s key and emerging risks. Subsequently, these are elevated to the BGRMC for acknowledgment and independent review. The outcomes of this rigorous process undergo further review by the Board, which relies on the risk management oversight matrix to ensure robust risk management. The Group also draws on insights from Group Internal Audit to enhance risk management processes and identify internal control gaps in key risk mitigation.

Sec 07: SUSTAINING VALUE THROUGH GOOD GOVERNANCE
