Legal The Group is exposed to legal and reputational damage resulting from breach of law or civil suits. We manage this risk by: a) Consulting inhouse lawyers and external legal counsel, where necessary, for advice on major transactions. b) Taking actions to protect and defend against actual or threatened litigation. c) Monitoring and reporting significant litigation and disputes to the ExCo and Board. d) Reviewing and maintaining the necessary liability insurance coverage. We identify opportunities and improvements by: • Adopting proactive legal strategy to ensure that the Group complies with relevant laws, regulations, and industry standards. • Demonstrating a commitment to ethical and legal business practices. Investment/ Divestment Risk The Group is exposed to the risk of deployment of capital into investments that fail to meet targeted returns, due to inadequate planning, errors in underlying assumptions or changes in external conditions beyond our control. We manage this risk by: a) Conducting a comprehensive analysis including due diligence and feasibility studies to evaluate investment and divestment decisions. b) Reviewing and updating investment thresholds and parameters, to be in line with changing strategies and business environment. c) Close monitoring of portfolio performance to ensure that it is on track to meet set targets. We identify opportunities and improvements by: • Remaining agile to capitalise on favourable market conditions through strategic investments and divestments. INFORMATION TECHNOLOGY RISK With the increased reliance on information systems and technology as a business enabler across our businesses, a service disruption of critical Information Technology (IT) systems or malicious and deliberate attempts of hackers to breach our IT systems could adversely affect the Group’s business continuity and reputation. Cyber Threat The Group recognises that cyber threat remains a key concern as attackers have become increasingly creative with attack methods and increasingly destructive payloads that better target system vulnerabilities. We manage this risk by: a) Maintaining a robust IT security framework to neutralise IT security threats such as hacking, malware, mobile threats and loss of data. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service disruption of critical IT systems. b) Dedicating IT expertise to keep abreast of the latest developments, innovation and threats in technology, and assessing their impact and risks. c) Conducting Vulnerability and Penetration Testing (VAPT) and guided self-assessments to identify IT security gaps. d) Leveraging threat intelligence and advanced security analytics to detect potential breaches. e) Conducting training and assessment exercises, to educate users and heighten awareness to cyber threats. f) Maintaining a cyber threat incident response protocol and disaster recovery plan. The Group also carries out disaster recovery plan testing at least once annually. We identify opportunities and improvements by: • Evaluating and upgrading the cybersecurity infrastructure to enhance cybersecurity strategies and improve overall resilience. ANNUAL REPORT 2024 CORPORATE GOVERNANCE 43
RkJQdWJsaXNoZXIy ODIwNTc=