Annual Report 2020

The Group has a Risk Management Department (“RM”), led by the Group Risk Management Manager. The RM facilitates and supervises the implementation of the ERM framework and processes by the respective business units. The RM reports functionally to the RMC and RMU. During the financial year under review, the Group’s activities were exposed to the following principal risks: • COVID-19 Pandemic Since the Government enforced a Movement Control Order (MCO) on 18 March 2020, the RMU has been embarking on weekly meetings and closely monitoring the impact of COVID-19 on the Group’s operations. Being a food producing company, falling under the category of essential services, QL has assured sufficient food supplies for our customers and adhered to the standard operating procedure (SOP) set by the Government. The priority is to ensure the health and safety of our employees and customers. • Operational Risk The Group’s policy is to assume operational risks that are manageable within its core business competencies. The operational risk management ranges from disease outbreak, power failure, fire breakout, food contamination, halal issues and environmental risks. The management of the Group’s day-to-day operational risks are mainly decentralised at the respective business unit level and guided by standard operating procedures (SOPs). • Financial Risk The Group is exposed to various financial risks relating to foreign currency exchanges and credit risks. These financial risks are mitigated through internal control processes and constant monitoring. • Information Technology Risk The Group is exposed to various information technology risks. This includes potential risks such as network security risk, data protection risk and cybersecurity risk. These risks aremitigated through regular information technology risk assessment and relevant action plans. The Management is wary of cybersecurity risk and the framework has been prepared. The Group is in the process of implementing the Cybersecurity Framework. The key aspects of the risk management process are as follows: • The Group Risk Management Manager coordinates the periodic review of risk registers which are carried out to assess changes in the Environmental, Social, Governance (ESG) that could significantly impact the Group and its key risks. • Heads of Business Units undertake to update their risk profiles’ worksheet on a quarterly basis. • The risk profiles’ worksheet, control procedures and status of action plans are reviewed for efficacy on a periodic basis by the Group Risk Management Manager together with the Heads of Business Units. Annual Report | 2020 QL Resources Berhad 88 Statement on Risk Management and Internal Control