Enterprise Risk Management is defined as a process, affected by an entity’s Board of Directors, Management and other personnel, applied in a strategic setting and across the enterprise. It is designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
The Board of Directors (the Board”) via the Risk Management Committee (“RMC”) has constituted a Risk Management Working Group (the “Group” or “RMWG””). The purpose of the formation of this Group to assist the RMC in fulfilling its oversight responsibilities with respect to the Group's risk management processes, including assessment of key strategic and operational risks.
Also, to comply with the Malaysian Code of Corporate Governance (“MCCG”) and Main Market Listing Requirements (“Listing Requirements”) of Bursa Malaysia Securities Berhad (“Bursa”) that require listed companies to establish a risk management committee which is to be disclosed in the Annual Report and company’s official website.
(i) Composition of the Risk Management Committee (“the Committee” or “RMC”)
Based on the requirement of the MCCG, the majority of the Committee should comprise of Independent Director. In this case, Fibon Berhad (“Fibon”) shall be appointing two (2) Independent Directors and one (1) Executive Director.
The Committee may form and delegate authority to one or more subcommittees (including a Sub-Committee consisting of a single member), as it deems appropriate from time to time under the circumstances. Sub-Committee is formed on an ad-hoc basis to address or monitor a risk issue.
(ii) Criteria for selection
Members of the Committee need to have the will to deliberate issues, rationally, objectively and practically. Secondly, the Members shall not be worried of “witch-hunt” or suppression by fellow Directors in discharging their responsibilities.
(i) Reporting Line
The Committee shall report directly to Audit Committee.
Based on the Risk Management Working Group Charter, the Committee shall meet at least once annually. Meetings of the Committee may be called by the Chairman.
The Committee may invite to its meetings, or exclude in its discretion, any other director, Risk Management Working Group (“RMWG”), management of the Company and such other persons as it deems appropriate in order to carry out its responsibilities.
(c) Composition of RMWG
The Chairman and the members of the Risk Management Working Group (“RMWG”), have been identified from the Management as follows: Chairperson: Ms. Chong Hui Wen Members: a) Datin Pang Nyuk Yin b) Ms. Chong Sok Wei c) Ms. Wan Hui Ern
(i) Meetings shall be held not less than once a year and the RMWG, Board or the Audit Committee and the Internal Auditor (“IA”) shall normally be invited to attend the meetings. Other Management members shall be invited to attend as and when required by the RMC.
(ii) Company Secretary shall be the Secretary of the RMC and shall provide the necessary administrative and secretarial services for the effective functioning of the RMC. The draft minutes shall be circulated to the RMC members for comment within two (2) weeks after the meeting and the minutes shall be tabled at the subsequent RMC meeting for approval/adoption.
The Board has defined the roles and responsibilities of RMC. This is to ensure that risk management framework is in place with an adequate awareness and understanding of risk and control by the Management and risk owners in order to safeguard stakeholders’ interests and add value to the organisation.
As such, the Board has delegated the monitoring and reviewing of the risk management plan to the Committee and such other functions as it may deem fit.
(i) Role of Chairman
The Chairman will act as facilitator at meetings of the Committee and ensure that no Committee member, whether executive or independent non-executive, dominates the discussion, and that appreciates discussion takes places and that relevant opinion among Committee members are forthcoming.
The key roles and accountabilities of the Chairman include:
(a) Managing Committee communications and its effectiveness.
(b) Creating conditions for good deliberation and decision making.
(c) Ensuring Company’s policies and procedures are in compliance with good conduct and best practices.
(d) Maintaining good contact and effective relationships with external parties, investing public, regulatory agencies and trade associates.
(e) Ensuring that quality information to facilitate decision-making is delivered to the Board on timely manner.
(f) Focal point of communications with external parties (in particular External Auditors, Investors, bankers and shareholders).
The Chairman shall also coordinate with the Chairman of the Audit Committee to assist the Audit Committee in its review of the Company’s system of internal control that have been delegated to the Audit Committee in its terms of reference.
(ii) Role of Committee
The function of RMC in which their authority and responsibilities have been incorporated shall be as follows:
(a) To review and discuss with RMWG the Company’s risk governance structure, risk assessment and risk management practices and the guidelines, policies and processes for risk assessment and risk management.
(b) To review and discuss with Board and the Management of the Company’s risk appetite.
(c) To receive, as and when appropriate, reports from the Company’s Internal Auditors’ internal audit function on the results of risk management reviews and assessments.
(d) To receive, deliberate and accept, as and when appropriate, reports from the Company’s RMC their risk management report.
(e) To approve the appointment and, when and if appropriate, replacement of the Company’s Chairman of the RMWG, whom shall have a reporting relationship with the Committee.
(f) To review the disclosure regarding the risk management and internal control statement.
(g) To review reports on selected risk topics as the committee deems appropriate from time to time.
(h) To be given unrestricted access to the Group’s Management and the accurate and complete information pertaining to the Company and/ or the Group including from the Company and / or the Group’s auditors and consultants.
(i) To discharge any other duties or responsibilities delegated to the Committee by the Board.
(j) The Committee shall have the authority to delegate any of its responsibilities to Sub-Committees as the Committee may deem appropriate. The Committee shall have authority to retain such outside legal counsel. Experts and other advisors as the committee may deem appropriate in its sole discretion. The Committee shall have sole authority to approve related fees and retention terms.
(k) The Committee shall report its actions and any recommendations to the Board and shall conduct and present to the Board an annual performance evaluation of the Committee. The Committee shall review at least annually the adequacy of this Charter and Framework and recommend any proposed changes to the Board for approval.
(l) Attend all necessary and required trainings (internal and external courses) at the expense of the Company in order to equip and update themselves on the latest pronouncement and regulations concerning risk management and internal audit.
(iii) New Committee members
A new Committee member shall be briefed on the terms of their appointment, their duties and obligations and on the operations of the Group. Copies of the following shall be provided to the newly appointed Committee:
(a) Board Charter;
(b) Risk Management Charter;
(c) Term of Reference of Auditor Committee;
(e) Committees’ composition and terms of reference;
(f) Latest business plans;
(g) Latest annual reports and financial statements;
(h) Organisation chart;
(i) Site visitation.
(i) Executive Powers of the Committee
The Committee shall have the authority to engage such independent legal and other advisors as it deems necessary or appropriate to carry out its responsibilities. Such independent advisors may be the regular advisors to the Group. The Committee is empowered, without further action by the Board, to cause the Group to pay the compensation of such advisors as establish by the Committee.
Implementation of Controls
The Committee shall have the authority to instruct any of the Management to execute the corrective action plan proposed by the Risk Owners as long as the plan does not hamper/in conflict with the Organisation’s objectives. The Committee also have the authority to request the Risk Owner or the Management to report directly to the Committee of their action plan.
8. CORPORATE GOVERNANCE DISCLOSURE
The Committee guided by paragraph 15.27 of the Listing Requirements shall ensure the Company provide adequate narrative statement of its risk management framework.The Risk Management and Internal Control Statement would be concurrently recommended by the Committee and also the Audit Committee. Both the Committees shall then propose to the Board of Directors for approval. Disclosure of the statement are made by way of circulating the Annual Report in publicly available domain and at the Company’s website (if recommendation) by the Board. The Committee shall also oversee the publication of the risk management framework the official company’s official website.