MISC BERHAD | Annual Report 2017 142 STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL The Malays i an Code on Corporate Governance 2017 (MCCG 2017) recommends as best pract i ces t hat t he Board establ i shes an ef fect i ve r i sk management and i nternal control framework , and d i sclose i n t he Company's Annual Report t he ma i n features of t he r i sk management and i nternal control framework. Pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (MMLR) of Bursa Malaysia Securities Berhad (Bursa Securities), the Board is also required to include in the Company’s Annual Report, a statement about the state of internal control of the listed issuer as a group. Accordingly, the Board is pleased to provide the Company’s Statement on Risk Management and Internal Control for the ƓQDQFLDO \HDU HQGHG 'HFHPEHU ZKLFK ZDV SUHSDUHG LQ accordance with the ‘Statement on Risk Management & Internal Control : Guidelines for Directors of Listed Issuers’, endorsed by Bursa Securities. ACCOUNTABILITY OF THE BOARD The Board recognises its principal responsibility of establishing an effective risk management and internal control framework, as manifested in MCCG 2017. Accordingly, the Board has entrusted the responsibility of risk management oversight to the MISC Board Audit & Risk Committee (BARC). In respect of risk management, the BARC is supported by the MISC Risk Management Committee (RMC) that comprises mainly Heads of Divisions. The Company’s risk management framework is used to identify, evaluate and manage the principal risks of the Group and appropriate internal control systems are also implemented to manage these risks, details of which are set-out in the following pages. In respect of risk management, the BARC periodically reviews WKH HIƓFLHQF\ DQG HIIHFWLYHQHVV RI WKH *URXSōV LQWHUQDO FRQWURO system to ensure viability and robustness of the system. Group Internal Audit (GIA) with its risk-based approach supports the BARC in ensuring the said internal control systems are in place and effective in dealing with risks. The BARC is also supported by WKH 0DQDJHPHQW &RPPLWWHH 0& WR UHŴHFW WKH SURPLQHQFH DQG focus by management on the control and risks of the organisation. In dealing with risks, the Board understands that it is not always possible, cost-effective or practical to eliminate risk altogether. Accordingly, these internal control systems can only provide reasonable assurance against material misstatement or loss. 7KXV WKH %RDUG DGRSWV D FRVW EHQHƓW DSSURDFK WR HQVXUH WKDW the expected returns outweigh the cost of risk mitigation. RISK MANAGEMENT FRAMEWORK In 2015, the Board had approved the adoption of the PETRONAS Resiliency Model (PRM) which provides an integrated view for managing risk and is also guided by international best practice as per ISO 31000. The PRM focuses on three frameworks namely: i. Enterprise Risk Management (ERM) ERM process is an integral part of managing business that provides a guide to systematically identify, assess, treat, monitor and review risks. It aims to improve the ability to UHGXFH WKH OLNHOLKRRG DQG LPSDFW RI LGHQWLƓHG ULVNV WKDW PD\ affect the achievement of business objectives. ii. Crisis Management (CM) &ULVLV 0DQDJHPHQW GHƓQHV WKH VWUXFWXUH DQG SURFHVVHV IRU managing emergencies including crises at both domestic and international operations. iii. Business Continuity Management (BCM) Business continuity practices ensure a structured recovery of business operations and business continuity in the event of a crisis or prolonged business disruption. The MISC Risk Policy states that :- “MISC shall adopt and implement risk management best practices by identifying, assessing, treating and monitoring of risks as well as effectively responding to crisis. In the event of prolonged disruption, business continuity practices shall be adopted to restore and ensure continuity of MISC’s key business activities.” The Group has implemented risk management best practices in the form of ERM framework which ensures all business risks are SUXGHQWO\ LGHQWLƓHG HYDOXDWHG WUHDWHG DQG PDQDJHG DFFRUGLQJO\ to achieve MISC’s strategic objectives.