CDL AR 2024

RISK GOVERNANCE

The Group’s risk governance structure is built on a "three lines of defence" model, which clearly outlines how specific duties related to risk and controls are assigned and coordinated within the Group, to facilitate timely risk identification, escalation, and provision of Board assurance.

The Board is responsible for the governance of risk and for setting the strategic direction of the Group. It ensures that management maintains a sound system of risk management and internal controls. The Board is supported by the Audit & Risk Committee (ARC) in overseeing financial reporting, audit matters, and the governance of risks. The ARC regularly reports to the Board on key risk issues, findings, and recommendations.

The ARC evaluates the nature and extent of significant risks which the Group may undertake in achieving its strategic objectives, and guides management in the formulation and implementation of the risk management framework, policies and processes. This ensures that material risks are effectively identified, assessed, mitigated, and monitored, thus safeguarding shareholders’ interests and the Group’s assets, strengthening corporate sustainability.

[Figure: risk governance structure under the three lines of defence model. Labels: Board; Audit and Risk Committee; EXCO; Management Risk Committee; ERM; Risk Owners; Internal Audit; External Assurance Providers; First Line of Defence; Second Line of Defence; Third Line of Defence; Board Level Oversight; Management Oversight. Type of information: alignment, communication, coordination, collaboration; risk and control certifications from head of division/department (e.g. Control Self-Assessment); risk management and internal control information. Legend: direct reporting line; indirect/administrative reporting line.]

ANNUAL REPORT 2024 CORPORATE GOVERNANCE 35
