RISK MANAGEMENT

The Group takes a proactive approach in having a sound and robust risk management framework that ensures the Group is ready to meet challenges and seize opportunities through risk-informed decision-making. The risk management programme not only plays an integral part in our business, both strategically and operationally, but also aims to create value for ESR's stakeholders. Our objective is not risk minimisation, but rather the optimisation of opportunities within the known and agreed risk appetite levels set by the Board of Directors ("Board").

The Group's Enterprise Risk Management ("ERM") Framework provides a holistic and systematic approach for the identification, assessment, monitoring and reporting of risks. It is designed to be dynamic, with the intent of fostering the right risk culture and responding promptly and effectively to the constantly evolving business environment.

At ESR, the risk management culture involves both top-down oversight from the Board and management and bottom-up engagement from employees. This ensures a risk approach that is aligned with the Group's business objectives and strategies, and also helps the organisation anticipate its risk exposure and put mitigating controls in place to counter threats while pursuing its objectives.

STRONG OVERSIGHT AND GOVERNANCE

The Board is responsible for determining the Group's overall risk strategy and governance and for the maintenance of a sound system of risk management and internal controls in accordance with market practices and regulatory requirements. The Board reviews the adequacy of the resources involved in establishing the risk management framework across the Group and monitors the independence of the risk management function throughout the Group.

The Board, which is supported by the Audit Committee, comprises directors whose collective diverse experience and knowledge serve to provide guidance and strategic insights, and oversees the design, implementation and monitoring of risk management within the Group. The Audit Committee comprises three Independent Non-Executive Directors and meets at least twice annually.

In establishing an organisation-wide risk governance structure, ESR adopts an ERM Framework which is adapted from both the ISO 31000 International Risk Management Standards and the COSO Internal Control - Integrated Framework for identifying, assessing, monitoring and reporting of risks. This framework aims to drive risk accountability and ownership at all levels of the organisation, while at the same time maintaining the right level of commitment and segregation across stakeholder groups.

The Group Risk Management department works closely with the management to continually review and enhance the risk management system in accordance with market practices and regulatory requirements, under the guidance and direction of the Audit Committee and the Board. Major changes to the ERM Framework, risk policies, risk parameters and terms of reference are discussed with the Audit Committee.

[Figure: framework diagram. Labels: Risk Strategy; Risk Appetite, Tolerance, Attitudes and Philosophy; Risk Governance; Risk Reporting Structures, Roles, Responsibilities, Communications; Risk Management Process (iterative and continuous 4-step process: 1 Identify, 2 Assess, 3 Manage, 4 Monitor & Report); Key Risk Categories; Strategic; Compliance; Financial; Technology; Operational; Key Assurance; Internal Audit; Delegation of Authority; Whistleblowing Policy; Management; Financial Governance; Compliance Governance; Operational Governance.]

ESR CAYMAN LIMITED ANNUAL REPORT 2021, CORPORATE GOVERNANCE