Enterprise Risk Management
Enterprise Risk Management

The Company’s business activities are exposed to risk as well as opportunities due to a continuously changing business environment. The risk management philosophy of the Company is to mitigate adverse outcome of the identified risks while maximizing the positive contribution of opportunities, in order to secure long term value to our shareholders.

The Company, through the Board of Directors, shall promote a risk-aware culture by making risk management a responsibility of every employee and an integral part of the Company’s strategic and operational planning, and day-to-day management and decision making. The Board shall appoint a Chief Risk Officer (the “CRO”) who shall oversee and supervise entire enterprise risk management process and recommend improvement of ERM processes and documentation. The Company, through the CRO, shall manage and minimize risks by identifying, analysing, evaluating and treating exposures that may impact on achieving its objectives and the continued efficiency and effectiveness of its operations.

These activities are reviewed and monitored by supervising committees of the Board such as the Executive Committee and the Audit Risk Oversight and Related Party Transaction (the “ARORPT”).

The ARORPT Committee provides oversight over the Company’s risk management processes. It monitors and reviews risk exposures and risk mitigation plans of the Company and evaluate the Company’s risk management systems for its effectiveness and adequacy. The Committee likewise annually reviews the Company’s approaches to risk management, and recommends as necessary to the Board regarding the Company’s risk management policies and procedures. The Company shall adopt a bottom-up approach in its risk management process, with line management primarily responsible for the identification of risks and the implementation of its control strategies. Training programs to explain the value of risk management and understand the risk responsibilities of personnel in the different organization levels shall be held periodically to ensure that sound risk management and safety practices are implemented in the day-to-day operations.