Fraser & Neave Holdings Bhd Annual Report 2021

THE ENTERPRISE RISK MANAGEMENT #“ERM”$ PROCESS The ERM process involves a systematic application of the risk management methodology to facilitate risk identification, assessment, reporting as well as monitoring and review as described below: RISK IDENTIFICATION AND ASSESSMENT • The ERM process begins with the business strategies and objectives setting and/or review prior to the commencement of every financial year, which is also aligned to the Group’s vision and mission. Subsequently, risks arising from the business strategies and objectives to be pursued are identified. • A consistent approach in determining the risk likelihood and risk impact is adopted across the Group to reflect the risk appetite approved by the Board. • Risks identified are assessed to determine their likelihood of occurrence and potential impact on the relevant business strategies/ objectives. The outcome of the risk assessment process at respective functional or business unit levels will then be consolidated at the Group level in a Corporate Risk Scorecard which enables subsidiaries within the Group to report risks and risk status using a common platform. RISK REPORTING AND REVIEW Annual Review • Risk appetite and risk tolerance statements, which set out the nature and extent of risks that the Group is willing to accept or retain in pursuit of its goals and objectives, are reviewed by the SRMC and approved by the Board annually. • Impact parameters, upon which the risk ratings are measured against the likelihood, are reviewed and updated annually. Quarterly Review • On a quarterly basis, the risk profiles of the key subsidiaries are tabled to the Management Risk Committee and the SRMC in a heat map, which sets out the priority and focus for risk mitigation strategies based on risk ratings at gross and net levels. The net risk level is determined after taken into consideration the e!ectiveness of existing controls and risk treatment plans. The risks identified and assessed are reported under the following categories: The Management Risk Committee, chaired by the Chief Executive O&cer (“CEO”) and supported by the Functional Heads, Business Unit Head, and the Head of Departments, meets on a quarterly basis to share emerging and significant risks faced by the business, and ensure that the mitigating controls and action plans are conducted within the boundaries set by the ERM Policy, prior to escalation to the SRMC. * For further details on sustainability related matters, refer to Sustainability Report. Board of Directors Senior Management & Operating Units Sustainability & Risk Management Committee RISK MANAGEMENT STRUCTURE 140 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL