35
CapitaLand Limited
Annual Report 2015
Overview
Sustainability
Business
Review
Portfolio
Details
Corporate
Governance &
Transparency
Financials &
Additional
Information
(e) considers and advises on risk matters referred to it by Management or the Board including reviewing and reporting to
the Board on any material breaches of approved risk limits, any material non-compliance with the approved framework
and policies and the adequacy of any proposed action.
The Group adopts an Enterprise Risk Management (ERM) Framework which sets out the required environmental and
organisational components for managing risk in an integrated, systematic and consistent manner. The ERM Framework and
related policies are reviewed annually. A team comprising the P&GCEO and other key management personnel is responsible
for directing and monitoring the development, implementation and practice of ERM across the Group.
The Group consistently seeks to improve and strengthen its ERM Framework. As part of the ERM Framework, Management,
among other things, undertakes and performs a Risk and Control Self-Assessment (RCSA) process. As a result of the RCSA
process, the Group produces and maintains a risk register which identifies the material risks it faces and the corresponding
internal controls it has in place to manage or mitigate those risks. The material risks are reviewed annually by the RC, the AC
and the Board. The RC also reviews the approach of identifying and assessing risks and internal controls in the risk register.
The system of risk management and internal controls is reviewed and, where appropriate, refined regularly by Management,
the RC, the AC and the Board. Where relevant, reference is made to the best practices and guidance in the Risk Governance
Guidance for Listed Boards issued by the Corporate Governance Council.
The Group has established an approach on how risk appetite is defined, monitored and reviewed across the Group. Approved
by the Board, the Group Risk Appetite Statement (RAS), incorporating the risk limits, addresses the management of material
risks faced by the Group. Alignment of the Group’s risk profile to the Group RAS is achieved through various communication
and monitoring mechanisms (including key performance indicators set for Management) put in place across the Group.
More information on the Group’s ERM Framework can be found in the Enterprise Risk Management section on pages 50 to 52
of this Annual Report.
Internal and external auditors conduct audits that involve testing the effectiveness of the material internal controls in the
Group addressing financial, operational, compliance and information technology risks. This includes testing, where practical,
material internal controls in areas managed by external service providers. Any material non-compliance or lapses in internal
controls together with corrective measures recommended by the internal and external auditors are reported to and reviewed
by the AC. The adequacy and effectiveness of the measures taken by Management in response to the recommendations
made by the internal and external auditors are also reviewed by the AC.
The Board has received assurance from the P&GCEO and the GCFO that:
(a) the financial records of the Group have been properly maintained and the financial statements for FY 2015 give a
true and fair view of the Group’s operations and finances; and
(b) the system of risk management and internal controls in place within the Group is adequate and effective in addressing
the material risks faced by the Group in its current business environment including material financial, operational,
compliance and information technology risks. The P&GCEO and the GCFO have obtained similar assurance from the
respective businesses and corporate executive heads in the Group.
In addition, in FY 2015, the Board has received quarterly certification by Management on the integrity of financial reporting
and the Board has provided a negative assurance confirmation to shareholders as required by the Listing Manual.
Based on the ERM Framework established and the reviews conducted by Management and both the internal and external
auditors, as well as the assurance from the P&GCEO and the GCFO, the Board concurs with the recommendation of the AC
and RC and is of the opinion that the Group’s system of risk management and internal controls addressing material financial,
operational, compliance and information technology risks is adequate and effective to meet the needs of the Group in its
current business environment as at 31 December 2015.
The Board notes that the system of risk management and internal controls established by Management provides reasonable
assurance that the Group, as it strives to achieve its business objectives, will not be significantly affected by any event that
can be reasonably foreseen or anticipated. However, the Board also notes that no system of risk management and internal
controls can provide absolute assurance in this regard, or absolute assurance against poor judgement in decision making,
human error, losses, fraud or other irregularities.
