ESR Group AR2023 eBook EN

ESR Group Limited Annual Report 2023

RISK MANAGEMENT PROCESS

The Group adopts a four-step iterative risk management process aimed at identifying, assessing, managing, monitoring and reporting different types of risks.

ERM Process

The ERM Process is a standard, iterative, and continuous 4-step process:

1. IDENTIFY & PRIORITISE: How to identify and prioritise risks?
2. ASSESS: What are the key causes & consequences of the risks?
3. MANAGE: What are the internal controls or mitigation measures in place to manage the risks?
4. MONITOR & REPORT: How to monitor and report the risks?

Risk Identification

ESR Group adopts an integrated top-down and bottom-up risk review process to enable comprehensive identification and prioritisation of key risks throughout the Group. Key stakeholders within the organisation will come together to discuss the top-tier risks and examine any other risk issues and emerging risks that they consider important. This ensures a risk approach that is aligned with the Group’s business objectives and strategies, and which is also integrated with operational processes for effectiveness and accountability.

The risk identification process includes the establishment of risk context, identification of risk factors, analysis and evaluation of risk levels and their related likelihood and impact on the business performance of the Group. The Group’s risk profile, including key risks, is reviewed and refreshed annually, or more frequently when the business environment warrants. The information is maintained and documented in a risk register, with risks sub-categorised into strategic, financial, operational, compliance and technology. Within the category of operational risk, the Group also considers climate-related risks which are relevant to the business.

A five-by-five risk matrix is used as the primary tool to facilitate the prioritisation of risks based on likelihood and impact.
Risks are valued on the matrix based on the likelihood of occurrence and magnitude of impact should the risks materialise. The magnitude of impact includes consideration of financial, regulatory, reputational, operational and environmental effects. Parameters representing ESR Group's risk appetite and tolerance are also established to guide the evaluation of risks on the matrix. This risk identification exercise monitors any risk changes and trends as well as the effectiveness of the related control mechanisms and/or control activities within the overall risk profile. The Group Risk Management department works closely with the risk owners to identify key risks, assess their likelihood and impact on the Group’s business, and establish corresponding mitigating controls to manage these risks.
