Positioning for the Future | 39
The Group consistently seeks to improve and strengthen its ERM Framework. As part of the ERM Framework,
Management, amongst other things, undertakes and performs a Risk and Control Self-Assessment (RCSA) process.
As a result of the RCSA process, the Group produces and maintains a risk register which identimes the material risks it
faces and the corresponding internal controls it has in place to manage or mitigate those risks. The material risks are
reviewed annually by the RC, the AC and the Board. The RC also reviews the approach of identifying and assessing
risks and internal controls in the risk register. The system of risk management and internal controls is reviewed and,
where appropriate, remned regularly by Management, the RC, the AC and the Board.
The Group has established an approach on how risk appetite is demned, monitored and reviewed across the
Group. Approved by the Board, the Group Risk Appetite Statement (RAS), incorporating the risk limits, addresses
the management of material risks faced by the Group. Alignment of the Group’s risk promle to the Group RAS is
achieved through various communication and monitoring mechanisms (including key performance indicators set for
management) put in place across the Group.
More information on the Group’s ERM Framework can be found in the Enterprise Risk Management section on
pages 49 to 51 of this Annual Report.
Internal auditors and external auditors conduct audits that involve testing the effectiveness of the material internal
controls in the Group addressing mnancial, operational, compliance and information technology risks. This includes
testing, where practical, material internal controls in areas managed by external service providers. Any material
non-compliance or lapses in internal controls together with corrective measures recommended by internal auditors
and external auditors are reported to and reviewed by the AC. The adequacy and effectiveness of the measures taken
by Management in response to the recommendations made by the internal auditors and external auditors are also
reviewed by the AC.
The Board has received assurance from the P&GCEO and the GCFO that
(a) the mnancial records of the Group have been properly maintained and the mnancial statements for the year ended
31 December 2014 give a true and fair view of the Group’s operations and mnances; and
(b) the system of risk management and internal controls in place within the Group is adequate and effective in
addressing the material risks in the Group in its current business environment includingmaterial mnancial, operational,
compliance and information technology risks. The P&GCEO and the GCFO have obtained similar assurance from
the business and corporate executive heads in the Group.
In addition, in FY 2014, the Board has received quarterly certimcation by Management on the integrity of mnancial
reporting and the Board has provided a negative assurance conmrmation to shareholders as required by the Listing
Manual.
Based on the ERM Framework established and the reviews conducted by Management and both the internal auditors
and external auditors, as well as the assurance from the P&GCEO and the GCFO, the Board concurs with the
recommendation of the AC and is of the opinion, that the Group’s system of risk management and internal controls
addressing material mnancial, operational, compliance and information technology risks is adequate and effective to
meet the needs of the Group in its current business environment as at 31 December 2014.
The Board notes that the system of risk management and internal controls established by Management provides
reasonable assurance that the Group, as it strives to achieve its business objectives, will not be signimcantly affected
by any event that can be reasonably foreseen or anticipated. )owever, the Board also notes that no system of risk
management and internal controls can provide absolute assurance in this regard, or absolute assurance against poor
judgement in decision making, human error, losses, fraud or other irregularities.
Corporate Governance & Transparency
