Fraser & Neave Holdings Bhd Annual Report 2021

Statement on Risk Management and Internal Control

INTRODUCTION

This Statement has been prepared in accordance with the Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers (“Guidelines”). The Guidelines provide guidance for companies complying with paragraph 15.26 (b) of the Listing Requirements of Bursa Securities and Principle B and Practice 9.1 and 9.2 of the Malaysian Code on Corporate Governance.

BOARD’S RESPONSIBILITY AND ACCOUNTABILITY

F&NHB recognises that effective risk management and a sound system of internal control are fundamental to good corporate governance. The objective of risk management is to create and protect value for the Group through improving performance, encouraging innovation and supporting the achievement of objectives.

The Board of Directors (“Board”) acknowledges its responsibility and is committed to maintaining an effective risk management and internal control system to address all key risks which the Group considers relevant and material to its operations, while Management plays an integral role in assisting the design and implementation of the Board’s policies on risk management and internal control.

The Board recognises that the system of risk management and internal control is designed to manage and mitigate risks rather than eliminate risks which may hinder the achievement of the Group’s objectives and would therefore provide only reasonable and not absolute assurances against material misstatements or losses.

For the purposes of this Statement, associated companies and joint ventures have been excluded from the Group.

THE GROUP’S RISK MANAGEMENT SYSTEM

The Group adopts the Enterprise-wide Risk Management Policy (“ERM Policy”) which is designed to manage risks in an integrated, systematic and consistent manner. It establishes the overall risk management framework and processes in defining the strategy to identify and manage risks across the Group.
During the year under review, the ERM Policy was reviewed and updated to be benchmarked against the ISO31000:2018 Risk Management – Guidelines. In addition, ERM principles are embedded in the corporate culture, processes and structures of the Group. The main features of the Group’s risk management system are described in the following sections.

ROLES AND RESPONSIBILITIES

The Board regards risk management as an integral part of the operations and processes of the Group and is assisted by the Sustainability* and Risk Management Committee (“SRMC”) to:

• provide oversight of the Group’s significant risks;
• determine the nature and extent of significant risks, i.e. the risk appetite and risk tolerance level, which the Group is willing to take in achieving its strategic objectives;
• identify, assess and monitor key business risks faced by the Group; and
• ensure that Management maintains an effective system of risk management and internal control to safeguard shareholders’ investments and the Group’s assets.

The terms of reference (“TOR”) of the SRMC state, amongst others, that the SRMC also maintains a close relationship with the Audit Committee to minimise and/or prevent any overlapping of functions with the Audit Committee, which include the review of the adequacy and effectiveness of the internal control system, including financial, operational, compliance, and information technology controls.

During the financial year, the SRMC held 4 meetings on a quarterly basis to:

• review the implementation of the risk management framework;
• deliberate on the key business risks and the mitigating controls to address the risks identified;
• provide oversight of the Group’s insurance, cyber risk management, business continuity management (“BCM”) programmes, Charts of Authority, and sustainability-related matters; and
• recommend to the Board for endorsement or approval where necessary.
The responsibility for day-to-day risk management resides with the Management of each function/business unit, where they are the risk owners and are accountable for managing the risks identified and assessed. In managing the risks of the Group, the Risk Management Department collaborates with the Management in reviewing and ensuring that there is on-going monitoring of risks, the adequacy and effectiveness of its related controls, and that action plans are developed and implemented to manage these risks within the level acceptable to the Group.

This Statement on Risk Management and Internal Control is intended to provide our stakeholders and readers of this Annual Report with sufficient and meaningful information about the adequacy and current state of Fraser & Neave Holdings Bhd (“F&NHB” or the “Group”)’s system of risk management and internal control.
