1. Introduction
The Board regards risk management as an integral part of the business operations of Sersol Berhad (“Sersol” or “the Company”) and its subsidiaries (“the Group”) and is committed to the development of an effective enterprise risk management framework.
The risk management policy is the starting point in the risk management initiative and has been prepared to ensure that risk management becomes a concern for everyone in the Group and that risk management practices are consistent throughout the Group, involving employees at all levels within the different business units (i.e. departments, sections, and business centres) of the Group.
2. Definition and Purpose
The risk management policy establishes the scope, policies and processes that describe how risks are managed. It also defines clear roles and responsibilities of the individuals or units involved in the entire risk management processes.
The purpose of the risk management policy is to define an ongoing and consistent process for identifying, assessing, monitoring and reporting of significant risks faced by the business units and ultimately the Group.
3. Scope
The primary goals of the Group’s Risk Management Policy are to support the overall business objectives of the Group by:
- Providing strategies, policies and organizational structure for the management of risks that the Group assumes in its activities.
- Defining risk management roles and responsibilities within the organization and outlining procedures to mitigate risks.
- Ensuring consistent and acceptable management of risk throughout the business.
- Defining a reporting framework to ensure the communication of necessary risk management information to senior management and personnel engaged in risk management activities.
4. Risk Management Philosophy
The Group will always act prudently to ensure that risks, which can prevent the Group from achieving its objectives, are adequately identified, assessed and effectively managed.
It is recognized that not all risks can be eradicated. Nevertheless, the Group is committed to the development of an adequate and effective enterprise risk management framework, which is capable of facilitating the identification, assessment and prioritization of all risks confronting the Group and development of effective measures to mitigate the risks. The Group is to continuously review the enterprise risk management framework to ensure it is operating as intended.
5. Accountability, Roles and Responsibilities for Risk Management
Roles and responsibilities for risk management within the Group are summarized below:
5.1. Board of Directors
The Board of Directors recognizes its responsibility for establishing a sound framework to manage risks and provides the risk oversight function, which includes:
(i) approving the Group’s risk philosophy / policy;
(ii) approving the Group’s risk management framework as well as ensuring adequate resources and knowledge of management and staff involved in the risk management process;
(iii) reviewing and approving the Group’s risk portfolio and determining the Group’s risk tolerance;
(iv) assessing and monitoring key business risks to safeguard shareholders’ investments and the Group’s assets.
5.2. Audit and Risk Management Committee (“AC”)
The AC assists the Board in establishing a sound framework to manage risks, which includes:
(i) reviewing the Group’s risk philosophy / policy;
(ii) reviewing the extent to which management has established an effective enterprise risk management framework;
(iii) reviewing the Group’s risk management framework and assessing the resources and knowledge of management and staff involved in the risk management process;
(iv) reviewing the Group’s risk profile and risk tolerance.
5.3. Risk Management Working Committee (“RMWC”)
The RMWC, comprising 7 members (Production Development Manager, Production Manager, Business Development Manager, Admin & Human Resource Manager, Accounts Executive, Purchase Executive and Operation Manager), assists the Board and the AC with the overall responsibility for overseeing the risk management activities of the Group and approving appropriate risk management procedures and measurement methodologies across the Group.
The principal roles and functions of the RMWC are summarized as follows:
• Developing and implementing the risk management philosophy / policy
• Developing and maintaining risk management procedures and measurement methodologies of the various departments
• Reporting the significant risks affecting the Group and recommending the mitigation plans
• Monitoring the progress of risk mitigation plans
• Reporting to the AC on the risk management framework and the Group’s risk profile
• Creating risk awareness within the organization
5.4. Risk Owner
Risk owners comprise heads of business units. They perform operational risk assessment, management, monitoring and reporting of risk exposures in the areas / activities within their control.
5.5. Staff
Staff should be aware of operational risks, undertaking risks in a careful and conscientious manner that reflects – but is not limited to – the Group policies. They are to report any new or escalating risks identified to the Risk Owners.
5.6. Internal Audit Unit (“IAU”)
The IAU conducts periodic reviews on high risk operational areas to ensure that appropriate internal control systems are in place to manage such risks.
6. Risk Management Structure and Cycle
6.1. Risk Management Reporting Structure
6.2. Risk Management Overview Process Cycle
6.3. Flow Chart – Strategic
6.4. Flow Chart – Strategic
7. Periodic Review
This policy shall be reviewed annually by the Board.