STRENGTH IN UNITY 58 In establishing a group-wide risk governance structure, ESR Group adopts the ‘four lines of defence’ model. This governance model aims to drive risk accountability and ownership at all levels of the organisation, at the same time maintaining the right level of commitment and segregation across stakeholders. 4th Line of Defence: Board Oversight 3rd Line of Defence: Independence Assurance 2nd Line of Defence: Management and Assurance People Processes Systems Risk Management Compliance 1st Line of Defence: Business Governance/Policy Management Operational Governance Financial Governance Policy Management Internal / External Audit Four Lines of Defence 1st Line of Defence: Business Governance/ Policy Management Processes, systems and risk owners constitute the first line of defence. Risk management should be embedded in day-to-day operations and governed by relevant established Group-wide policies and procedures that can manage risks to an acceptable residual level for the achievement of the business objectives. 2nd Line of Defence: Management and Assurance This line of defence comprises of risk management and compliance related functions within the Group. The main role of these functions is to ensure risk management and compliance related frameworks are well defined, and consistently applied across the organisation and embed a culture of risk ownership and accountability. 3rd Line of Defence: Independence Assurance Functions in this line of defence primarily provide independent assurance over the adequacy and effectiveness of risk management and internal control systems and recommend changes or improvements in response to the evolving internal and external business and control environments. 4th Line of Defence: Board Oversight The last line of defence against risks in any organisation is the Board of Directors. The Board, supported by the Audit Committee, is overall responsible for the governance and oversight of risk management and internal control systems within the Group to safeguard the interests of the Company and its stakeholders.
RkJQdWJsaXNoZXIy MTIwODcxMw==