MANAGEMENT
The Management team is responsible for ensuring that policies and procedures on risk and internal control are effectively implemented. The
Management is accountable for identifying and evaluating risks as well as monitoring the achievement of business goals and objectives within
the risk appetite parameters approved by the Board.
GROUP RISK DEPARTMENT
The Risk Management Framework is coordinated by the GRD. The GRD develops risk policies, sets minimum standards, provides guidance
on risk related matters, coordinates risk management activities with other departments, as well as monitors the Group’s business risks. The
GRD’s principal roles and responsibilities are as follows:
●
Review and update risk management methodologies, specifically those related to identification, measuring, controlling, monitoring and
reporting of risks;
●
Provide risk management training and workshops;
●
Review risk profiles and mitigation plans of business units;
●
Identify and inform the RMC and the Management of the critical risks faced by the Group; and
●
Monitor action plans for managing the critical risks.
GROUP INTERNAL AUDIT DEPARTMENT
The GIAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk
management and governance processes implemented by Management. It integrates a risk-based approach in determining the auditable areas
and frequency of audits. The annual audit plan for the Group is reviewed and approved by the AC. The GIAD is guided by its Internal Audit
Charter that provides independence and reflects the roles, responsibilities, accountability and scope of work of the department. The GIAD’s
functions are disclosed in the AC Report on pages 193 to 196 of this Annual Report.
RISKMANAGEMENT FRAMEWORK
The ERM Framework standardises the process of identifying, evaluating and managing significant risks faced by the Group for the year under
review.
The ERM Framework covers the following key features:
●
roles and responsibilities of the GRD, Management and the business units;
●
guidance on the risk management processes and the associated methodologies and tools; and
●
guidance on risk register and controls assessments.
RISKMANAGEMENT INITIATIVES IN 2017
The Group made a significant effort to improve and enhance its risk management and internal control systems in 2017 through the following
initiatives:
●
enhanced processes and methods of determining key risks and associated mitigation plans;
●
thorough risk reviews of key departments to ascertain exposures and vulnerabilities;
●
deep-dive reviews on key risks;
●
advanced methods of risk quantification;
●
enhanced initiatives to promote risk awareness across the Group; and
●
involvement in Group strategy sessions to embed risk management in to decision making processes.
STATEMENT ON RISK MANAGEMENT
& INTERNAL CONTROL
[ ]
AirAsia Group Berhad
REPORTS AND FINANCIAL STATEMENTS
198