RISK MANAGEMENT Three Lines of Defence Model First Line of Defence – Risk Owners – Second Line of Defence – ERM – Third Line of Defence – Internal Audit & MRC – The line managers of the respective business and support functions are accountable and responsible for implementing and executing effective controls to manage the risks arising from their day-to-day business activities. This includes establishing adequate managerial and supervisory controls to ensure compliance with policies, risk appetite, threshold limits and effective risk controls, and to highlight gaps, process inadequacies and unexpected risk events. The ERM function is responsible for designing, implementing and improving the risk management framework as part of the ERM and control assurance program. It also provides independent identification, assessment, monitoring, and reporting of the Group’s risk profiles, portfolio concentrations and material risk issues to the MRC and the ARC. The MRC comprising Senior Management and relevant key executives, meets with the ExCo to discuss material risks and the adequacy and effectiveness of mitigations on a regular basis, at least once quarterly. The meeting is facilitated by the ERM function. The Internal Audit department provides independent assurance on the adequacy and effectiveness of the internal controls and risk management framework to senior management and the ARC. Significant risk issues are then surfaced for discussion with the ARC and the Board by ExCo on a regular basis, at least once quarterly, to keep them fully informed in a timely and accurate manner. All ARC members, including the Chairman of the ARC, are independent non-executive directors. RISK MANAGEMENT PROCESS The Group adopts an integrated top-down and bottom-up risk review process that enables systematic identification, assessment, and prioritisation of all material risks in alignment with the Group’s strategy. An integral part of the process towards effective risk management is continuous communication and consultation with internal and external stakeholders. This collaborative approach enhances the Group’s understanding of risk management, fosters informed decision-making, and supports the implementation of best policies and practices that drive long-term value for the organisation. MATERIAL RISKS TO THE GROUP The Group categorises its risk profiles into four key areas: Strategic, Treasury and Financial, Operational and Compliance, and Information Technology. These risks vary widely, with many factors beyond the Group’s control. To mitigate risk exposure, the Group employs appropriate risk management strategies and robust internal controls. Close monitoring and adequate control processes, supported by appropriate key risk and performance indicators, are implemented to ensure the risk is kept within the Group’s risk appetite and risk tolerance limits. CORPORATE GOVERNANCE CITY DEVELOPMENTS LIMITED 36
RkJQdWJsaXNoZXIy ODIwNTc=