ACCOUNTABILITY AND AUDIT Risk Management and Internal Controls and Audit Committee Principle 9: The Board is responsible for the governance of risk and ensures that Management maintains a sound system of risk management and internal controls, to safeguard the interests of the company and its shareholders. Risk Management and Internal Control Systems The Board is responsible for the governance of risk and sets the tone and direction for the Company in the way that it expects risks to be managed. The Board has overall responsibility for approving the business strategies of the Company in a manner which addresses stakeholders’ expectations and does not expose the Company to an unacceptable level of risk which could impede the achievement of the Company’s objectives. The Board sets the direction for how risk is to be managed in the pursuit of business objectives and promotes a risk aware and risk conscious culture, which is one where Management understands the importance of risk management and their responsibilities therein. Provision 9.1 Enterprise Risk Management Framework The Company has developed and continues to review and update the Risk Governance and Internal Control Framework Manual (“The Manual”). The Manual sets out the risk governance responsibilities, business strategies, risk tolerances, risk appetites and the accountability and oversight for the appropriate risk management activities which mitigate the occurrence and exposure to significant risks that could impede business objectives. Management has defined the business objectives to be pursued for the financial year and the specific risk tolerance and appetite limits. The Board has been provided the basis for which they are able to delegate their responsibilities and the authority and limits assigned to Management in respect of these critical business activities. The Board and the Company have through this Manual articulated the operating policies and risk mitigation activities that are in place to mitigate and provide contingencies to deal with the occurrence of significant business risks. In addition to this, Management has been evaluated on their ability to maintain an adequate and effective system of internal control environment. This evaluation takes into consideration the key internal control principles of ISO 31000:2009 Risk Management framework and the components of the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) which are the control environment, risk assessment, control activities, information and communication, and the monitoring activities within the Company. Management has provided responses to the Board to explain how they intend to resolve any potential internal control deficiencies identified through this process. To supplement the Manual, the Company already has in place an Enterprise Risk Management (“ERM”) framework which is aligned with the requirements of COSO Internal Controls Integrated Framework. The Company has updated the risk profile in the ERM framework through a Group-wide risk assessment exercise conducted in FY2024. This ensures that the risk register is current and reflects the changing business risk exposures and addresses the significant and relevant risks to the Group, the risk owners responsible for managing the identified risks and the internal controls in place to address those risks. Management continues to regularly review and update the risk register with the objective of assigning clear accountability and ownership of risks at the operating level to manage risks, addressing any material breaches in risk thresholds and highlighting any emerging or material risks to the Board. This serves to uphold the effectiveness of risk management as the second line of defense. The Group’s Internal Auditors, RSM SG Risk Advisory Pte. Ltd. have taken into consideration the Risk Governance and Internal Control Framework Manual, the updated risk register and risk profile contained within the Group’s Risk Assessment Report when preparing the annual internal audit plan. This risk-based internal audit plan is approved by the AC and internal audits are conducted to assess the adequacy and effectiveness of the Group’s system of internal controls and risk management in addressing financial, operational, information technology and compliance risks. This serves to ensure that internal audit as the third line of defense is able to function effectively. In addition, material control weaknesses over financial reporting, if any, are highlighted by the external auditors, Forvis Mazars LLP in the course of the statutory audit. 39 ANNUAL REPORT 2024 CORPORATE GOVERNANCE REPORT
RkJQdWJsaXNoZXIy NTkwNzg=