QL Resources Berhad (428915-X)
50
The Group has a Risk Management Department (“RM”), led by the Group Risk Management Manager, that acts as a central
contact and guide for ERM issues within the Group. The RM facilitates and supervises implementation of the ERM
framework and processes with the respective business units. The RM reports functionally to the RMC and Audit Committee.
During the financial year under review, the Group’s activities expose it to the following principal risks:
•
Operating Risk
The Group’s policy is to assume operating risks that are manageable within its core business competencies. Operating
risk management ranges from disease outbreak and information technology. The management of the Group’s day-to-
day operational risks are mainly decentralised at the respective business unit level and guided by Standard Operating
Procedures.
•
Financial Risk
The Group is exposed to various financial risks relating to foreign currency risks, credit risks, interest rate risks, liquidity
risks and commodity prices. These financial risks are mitigated through internal control process and constant
monitoring.
The key aspects of the risk management process are as follows:
•
Emerging and existing risks are identified and reviewed by each business function/activity and are classified based
on assessment of probability of occurrence and impact magnitude. The level of residual risk is determined after
identifying and evaluating the effectiveness of existing controls/mitigating action plans.
•
Head of business units undertake to update their risk worksheet profiles on a quarterly basis.
•
The risk worksheet profiles, control procedures and status of action plans are reviewed for efficacy on a periodic basis
by the Group Risk Management Manager with the Head of business units
•
On a quarterly basis, the RMC meets to review the status of risk reviews, the high and significant risks identified and
the progress of the implementation action plans. Consequently, a risk management report summarising the high and
significant risks and/or status of action plans are presented to the Audit Committee for review, deliberation and
recommendation for endorsement by the Board of Directors.
Enterprise Risk Management refresher trainings were conducted by third party facilitator during the past financial year as
part of the ERM awareness enhancement activity. Going forward, the RMC is embarking on the following to further
strengthen the existing risk management controls within the Group:
•
Refining the Delegation and Limits of Authority Matrix to further facilitate operational efficiency and accountability within
the Risk Management Framework.
•
Further aligning the Group’s Risk Appetite Policy with strategic business directions.
•
Utilising ERM Software System for more effective and objective assessment and management of risks.
Statement on Risk Management
and Internal Control
(Cont’d.)
