HOME

THE GROUP HAS IN PLACE AN ON-GOING CONTROL STRUCTURE AND PROCESS FOR IDENTIFYING, EVALUATING AND MANAGING THE SIGNIFICANT RISK FACED BY THE GROUP TO ACHIEVEMENT OF BUSINESS OBJECTIVES AND STRATEGIES THROUGHOUT THE FINANCIAL YEAR UNDER REVIEW


INTRODUCTION OUR QUEST TO EXCEL IN DELIVERING VALUE TO SHAREHOLDERS AND REALISING THE GROUP’S MISSION TO BE THE MOST PROGRESSIVE,EFFICIENT, PROFITABLE AND RESPECTABLE ORGANISATION IS UNDERPINNED BY THE CONTINUOUS IMPLEMENTATION OF ENTERPRISE RISK MANAGEMENT (“ERM”) FRAMEWORK ACROSS THE GROUP. OUR GROUP IS COMMITTED TO MANAGING RISKS INA PROACTIVE AND EFFECTIVE MANNER. THIS IS DEMONSTRATED THROUGH COMPREHENSIVE RISK ANALYSIS AT ALL LEVELS IN REDUCING THREATS, PURSUING OPPORTUNITIES AND CREATES COMPETITIVE ADVANTAGE.


Our Board recognises the importance of sound risk management and internal control system practices to good corporate governance with the objective of safeguarding the shareholder’s investment and the Group’s assets.


Our Board also acknowledges overall responsibility for the Group’s risk management and internal controls. This includes the establishment of an appropriate control environment and framework, as well as the need to review the effectiveness, adequacy and integrity of this system.


Our Group conducts periodic testing on the adequacy, effectiveness and integrity of the internal controls to ensure the achievement of objectives on the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws and regulations. Our Group has in place an on-going control structure and process for identifying, evaluating and managing the significant risks faced by the Group to the achievement of business objectives and strategies throughout the financial year under review.This process is regularly reviewed by our Board with the assistance from Audit Committee (“AC”) and the Management. The Board retains overall responsibility for implementing and monitoring the internal control and risk management process within the Group. 


Our Group’s system of internal control is designed to manage,rather than eliminate the risk which could arise from human error,the possibility of poor judgement in decision making, control process being deliberately circumvented by employees and others,management overriding controls and the incidence of unforeseeablecircumstances. Accordingly, it must be recognised that the system can only provide reasonable and not absolute assurance against misstatement, breaches of laws or regulations, fraud or losses.In addition, our management also takes into consideration the expected cost and benefits to be derived from the implementation of the internal control system.


Our statement is prepared in accordance with the Practice 9.0 of the MCCG 2017 and guided by the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. This guideline set out the obligations of management and the Board with respect to risk management and internal control. It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control and describes the process that should be considered in reviewing its effectiveness.The scope of the disclosure excludes associated company which is not under the control of the Group. 


RISK MANAGEMENT FRAMEWORK

The Group recognises that it is obliged to systematically manage and regularly review its risk profile at a strategic, financial,compliance and operational level. Our Group’s Enterprise Risk Management (“ERM”) framework incorporates the principles and guidelines of ISO 31000:2009 Risk Management. The framework defines our Group’s intention and commitment towards effective risk management and internal control practices. It also determines the responsibilities of the Group involves in ERM, outlines the risk management process and identifies tools for realising the Group’s objectives aside from supporting and sustaining risk management throughout the organisation. It supports our Group’s efforts to achieve the highest levels of corporate governance, including the creation of value in the short and long-term. 


The key success factors of our Group’s risk management process are active contribution and communication at operational and strategic level. Our Group’s risks are managed on an integrated basis and their evaluation is incorporated into the Group’s decision-making process such as strategic planning and each project feasibility studies. The continuous practices and application at Group-wide will ensure our Board has sufficient and accurate information about the level of risk the Group wants to take and with that information,appropriate controls will be implemented to ensure the achievement of the established business objectives. 


Our Board believes that the risk management framework is adequately overseen through the AC and assisted by the management via formation of RMCC. The RMCC is represented by senior management from all business functions of the Group. The Committee met four (4)times in 2018. This Committee which is cross-functional in nature,was formed to assist the Board in implementing the processes for identifying, analysing, evaluating, monitoring and reporting of risks and internal controls and to ensure proper management of risks to which our Group is exposed and to take appropriate and timely actions to manage such risks. The AC which consists of members with diversity in the industry and business knowledge will periodically review the risk management report and provides an objective view on the risk identification, assessment and challenge the management on the adequacy of mitigating strategies. 


A strong culture of ownership and accountability is further built through a clear identification of specific roles and responsibilities in our framework that is Board, Management Committee, RMCC, Risk Management and Compliance Department (“RMCD”), Risk Owner, Risk Co- Owner, Internal Audit Department and all staff. This has improved their understanding of the boundaries of their responsibilities and how their positions fit into the organisation’s overall risk and control structure as well as minimising the potential gaps in controls and unnecessary duplications of coverage.


RISK MANAGEMENT PROCESS 


During the year under review, our Group’s ERM approach which priorities risk according to their likelihood and impact goes through the following steps:


Department or Business Unit Risk Assessment:

The risk owner performs an exercise to identify and assess risk. The main sources of reference used at the identification phase are the business plans and budgets, financial and production performances, board and annual reports, audit findings, market and sector research, compliance report and historical data. The exercise also covers a comprehensive occupational safety and health risk assessment process through the Hazard Identification, Risk Assessment and Risk Control (“HIRAC”). The risk owner provides the RMCD with risk register updates on a quarterly basis. The risk level is determined according to their respective financial or non-financial risk parameter


Presentation to the RMCC:

The RMCD will facilitate the Risk Owner during the risk assessment and risk action planning. Each risk will be evaluated in terms of the adequacy and effectiveness of the existing internal checks and balances controls,so as to provide a reasonable assurance that the likelihood and impact of the adverse event are within a manage able and acceptable level. The level of likelihood of a particular outcome actually occurring, including a consideration of the frequency of the event are determined using an approved likelihood parameter. The impact of an event is similarly evaluated using an approved financial or non-financial impact parameter. The RMCC will review, rank and debate the risk profile, its ratings, control effectiveness and risk treatment options plans identified by the Risk Owners.


Compilation of Group Risk Profile: 

All the endorsed top risks as tabled in RMCC will be extracted as the Group Risk Profile in accordance with the Group’s financial or non-financial risk parameter.


Audit Committee Review: 

The AC provides an objective view on the significant risks presented by the Group Chief Risk Officer. The AC will requests and challenges risk information and its risk mitigation strategies implemented by the Group.The AC also acts as change catalyst in risk and control areas in the Group.


Board of Directors Review:

The Chairman of AC will bring to the Board’s attention, the significant risks as tabled and discussed in the AC meeting. The Board will then determines the final decision on the risk treatment options and risk action plans proposed by the Management.


In ensuring our Group achieves its objectives, sustains the businesses and continues to add value to the stakeholders in the short, medium and long-term, our risk management process and approach is tailored to Group’s structure and its constantly changing environment to ensure that our Group can continuously monitor and review its risks and the effectiveness of its risk management over time. Based on the results of monitoring and reviews, decisions are made on how the risk management programme can be improved. These decisions should lead to improvements in our Group’s management of risks and its risk management culture. 


A separate risk management function also exists within our Group’s listed subsidiary with the establishment of its own RMCC to assess and evaluate the risk management process of the company on a periodic basis. 


In essence, the Management of risks is treated as an interactive process. The benefits arising from effective risk management processes is the creation of awareness of risks among employees of different departments and business units.


UNDERSTANDING OUR SIGNIFICANT RISKS – TOP FIVE (5) GROUP RISKS 


The identification of our significant risks during the year was taking into consideration the internally and externally driven factors. The following represents our Group’s top strategic and operational risks that if we not effectively manage may create a significant or material adverse impact to the Group as well as impede the achievement of the established objectives and affect the Group’s ability to create value.

 

RISK FACTORS

MITIGATING STRATEGIES

Economy-wide phenomena which affect the
rate of industry growth, CPO, O&G prices
and increase operating costs
  • Market intelligence and being up-to-date on market conditions.
  • Combination strategies of spot and forward contract for sales and procurement.
  • Creation of new revenue stream.
  • Enhance the productivity and efficiency through an innovative solution.
  • Cost optimisation initiatives and prudent CAPEX and OPEX management.
Replacement of Investment is critical in
ensuring growth and business continuity.
  • Continuously explore and secure new opportunities with innovative solutions.
  • Comprehensive assessment and feasibility study for each new investment.
  • Incorporate good governance and internal controls practices
New Investment’s Risks with regards to
the industry, laws and regulations, politics,
country and local risks.
  • Revisit and strengthen the strategy to ensure the success of the investment.
  • Putting in place workable internal control and monitoring framework including corporate and systems infrastructure.
  • Proactive engagement with business partners and local stakeholders.
Liquidity Risk on existing and future funding
requirements in meeting its financial obligations
  • Matching of inflows and outflows of cash and maintaining sufficient credit facilities.
  • Borrowings are created in a particular currency to match payments and receipts or liabilities and assets.
  • Capital restructuring.
  • Monitor the agreed covenants with the lenders.
Safety, Health and Environment (“SHE”)
commitment towards building a fair, ethical
and responsible company.
  • Ensuring that SHE’s related issues are preventable; establish a workable and consistent approach to ensure no repetitive occurrences.
  • Embraces the principles of sustainable development in respect of 5Ps – Peace, Prosperity, Planet, People and Partnership.
  • Embarks on various initiatives in achieving the emissions reduction targets

BOARD AND MANAGEMENT

The Board and Management Committees are set up to promote corporate governance, transparency and accountability and to assist the Board in implementing and monitoring the system of internal controls within the Group with the aim of realising the vision, mission,strategies and objectives established for the Group. The Committees oversee the areas assigned according to their Terms of Reference(“TOR”) which are carefully developed to ensure that it is aligned with the Group’s objectives, short-term and long-term strategic plans and to avoid overlapping activities and gaps in governance coverage. 


During the period under review, we have set a broader function of the Project Risk Evaluation Committee (“PREC”) in assesing the viability of the projects for all investment proposals within the Group in terms of its financing, marketing and technical issues, be it a new project,expansion of business or joint venture projects. 


The composition of members of the committee is tailored to collectively have good knowledge of the industries, ability to understand fundamental financial indicators, including the knowledge of key business and financial risk, and internal control fundamentals. The new arrangement shall improve our evaluation process, the least element of surprises and ultimately provides a greater chance of success to the proposed investment.