MANAGEMENT

The Management team is responsible for ensuring that policies and procedures on risk and internal control are effectively implemented. The

Management is accountable for identifying and evaluating risks as well as monitoring the achievement of business goals and objectives within

the risk appetite parameters approved by the Board.

GROUP RISK DEPARTMENT

The Risk Management Framework is coordinated by the GRD. The GRD develops risk policies, sets minimum standards, provides guidance

on risk related matters, coordinates risk management activities with other departments, as well as monitors the Group’s business risks. The

GRD’s principal roles and responsibilities are as follows:

●

Review and update risk management methodologies, specifically those related to identification, measuring, controlling, monitoring and

reporting of risks;

●

Provide risk management training and workshops;

●

Review risk profiles and mitigation plans of business units;

●

Identify and inform the RMC and the Management of the critical risks faced by the Group; and

●

Monitor action plans for managing the critical risks.

GROUP INTERNAL AUDIT DEPARTMENT

The GIAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk

management and governance processes implemented by Management. It integrates a risk-based approach in determining the auditable areas

and frequency of audits. The annual audit plan for the Group is reviewed and approved by the AC. The GIAD is guided by its Internal Audit

Charter that provides independence and reflects the roles, responsibilities, accountability and scope of work of the department. The GIAD’s

functions are disclosed in the AC Report on pages 193 to 196 of this Annual Report.

RISKMANAGEMENT FRAMEWORK

The ERM Framework standardises the process of identifying, evaluating and managing significant risks faced by the Group for the year under

review.

The ERM Framework covers the following key features:

●

roles and responsibilities of the GRD, Management and the business units;

●

guidance on the risk management processes and the associated methodologies and tools; and

●

guidance on risk register and controls assessments.

RISKMANAGEMENT INITIATIVES IN 2017

The Group made a significant effort to improve and enhance its risk management and internal control systems in 2017 through the following

initiatives:

●

enhanced processes and methods of determining key risks and associated mitigation plans;

●

thorough risk reviews of key departments to ascertain exposures and vulnerabilities;

●

deep-dive reviews on key risks;

●

advanced methods of risk quantification;

●

enhanced initiatives to promote risk awareness across the Group; and

●

involvement in Group strategy sessions to embed risk management in to decision making processes.

STATEMENT ON RISK MANAGEMENT

& INTERNAL CONTROL

[ ]

AirAsia Group Berhad

REPORTS AND FINANCIAL STATEMENTS

198