(i) Risk Management Framework
The Group has in place an Enterprise Risk Management (“ERM”) Framework (“ERM Framework”), which governs the risk management process in the Group. Through this framework, risk capabilities and competencies would be continuously enhanced. The ERM Framework also enables the identification, prioritisation, assessment, management and monitoring of key risks to the Group’s business. The risk management process in place covers, inter alia, financial, operational and compliance risks faced by the Group. The key risks of the Group are deliberated by the Management and reported to the Audit Committee (“AC”). The AC reviews the adequacy and effectiveness of the ERM Framework against leading practices in risk management and vis-à-vis the external and internal environment which the Group operates.
Complementing the ERM framework is a Group-wide system of internal controls, which includes the Code of Conduct, documented policies and procedures, proper segregation of duties, approval procedures and authorities, as well as checks-and-balances built into the business process.
To ensure that internal controls and risk management processes are adequate and effective, the AC is assisted by various independent professional service providers. External auditors provide reasonable assurance on the true and fair presentation in the Group’s financial statements. Internal auditors provide assurance that controls over the key risks of the Group is adequate and effective.
(ii) Investment Approval Process
An important component of the Group’s overall risk management is the investment approval process. The process aims to be robust in managing downside risk when deploying the Group’s resources for investments while at the same time prompt in capitalising potential investment opportunities. A summary of the Group’s investment process is as follows.