Maxis Berhad
Annual Report 2015
page
62
Statement on
Risk Management and Internal Control
All identified risks are displayed on a 5 by 5 risk matrix based on their risk ranking to assist Management in prioritising their efforts and
appropriately managing the different classes of risks.
The Board and Management drive a pro-active risk management culture and regular risk awareness and coaching sessions are held to
ensure that the Group’s employees have a good understanding and application of risk management principles.
There is an ERM department which works closely with the Group’s operational managers to continuously strengthen the risk
management initiatives within the Group so that it responds effectively to the constantly changing business environment and thus is
able to protect and enhance shareholder value.
CONTROL ENVIRONMENT AND STRUCTURE
The Board and Management have established numerous processes for identifying, evaluating and managing the significant risks faced
by the Group. These include periodic testing of the effectiveness and efficiency of the internal control procedures and updating the
system of internal controls when there are changes to the business environment or regulatory guidelines. These processes have been
in place for the financial year ended 31 December 2015 and up to the date of approval of this Statement on Risk Management and
Internal Control for inclusion in the Annual Report.
The key elements of the Group’s control environment include:
1. Organisation Structure
The business of the Group is managed by the Board which provides direction and oversight to the Group and Chief Executive
Officer (“CEO”) who is supported by Management. The Board is supported by a number of established Board committees, namely
the Audit, Nomination, Remuneration and Employee Share Option Scheme/Long-term Incentive Plan Committee, and ad-hoc
operational and governance committees formed from time to time, all of which facilitate the Board in the discharge of its duties.
Each Committee has clearly defined terms of reference and responsibilities, and activities of each Committee are reported back to
the Board for information or decision where relevant (please refer to the Statement of Corporate Governance for further details).
Responsibility for implementing the Group’s strategies, operations and day-to-day businesses, including implementing the system
of risk management and internal control, is delegated to the CEO who is supported by Management. The organisation structure
sets out a clear segregation of roles and responsibilities, lines of accountability and limits of authority to ensure effective and
independent stewardship.
RISK RATING SCALE - 5 BY 5 MATRIX
IMPACT
1. CRITICAL
2. MAJOR
3. MODERATE
4. MINOR
5. INSIGNIFICANT
LIKELIHOOD
OF OCCURENCE
1. UNLIKELY 2. LOW
PROBABILITY
3. POSSIBLE 4. HIGH
PROBABILITY
5. ALMOST
CERTAIN
KEY
HIGH
MEDIUM
LOW
