BUILDING LANDMARKS, CHARTING GROWTH
137
Annual Report 2015
Guideline11.2 :Reviewof adequacyandeffectiveness
of risk management and internal control systems
The ARC assists the Board in fulfilling its oversight
responsibility pertaining to Perennial’s risk policies, risk
profile, internal controls and the effectiveness of
Perennial’s risk management and internal control
systems. In doing so, the ARC regularly reviews the
key organisational risks and the robustness of
Perennial’s risk management systems.
Risk Management
The CEO and the Management are responsible for
identifying and managing risks. Perennial understands
that its business environment presents both
opportunities that need preparation and planning in
order to be seized as well as uncertainties that need to
be actively managed. Perennial has implemented a
comprehensive enterprise risk management (“
ERM
”)
framework which lays out the governing policies,
processes and systems to identify key risks for
deliberation by the Management and the findings,
together with proposals to manage the risks, are
reported to the ARC and the Board on a regular basis.
The ERM framework, which is largely derived from the
ISO 31000 Risk Management – Principles and
Guidelines (2009), enables Perennial to deal with
business opportunities and uncertainties by identifying
key risks and enacting the appropriate mitigating plans
and actions.
Under the ERM framework, Perennial’s risk profile is
reviewed and updated annually. Perennial also
produces and maintains risk registers which identified
all risks it faces and the corresponding internal controls
it has in place to manage or mitigate those risks.
The risk profile, risk registers and all identified risks and
controls are reviewed annually by the Management and
presented to the ARC and the Board.
Once the risks are prioritised and key risks are
identified, preventive and mitigating measures
(collectively defined as “
controls
”) will be developed
and implemented. Such key risks are also
consolidated at group level for risk monitoring by the
Management as well as at the asset level. Managers at
the asset level are required to periodically review the
effectiveness of the controls implemented, and initiate
necessary changes as the risk profile of the relevant
asset changes.
Perennial has also established risk tolerance levels
and key risk indicators to measure and monitor risk
exposures for the key risks. A risk dashboard is also
developed and maintained at the group level to
provide early warning for potential emerging risks or
increase in risk exposures and identify areas that
require immediate attention or pre-emptive actions.
Quarterly, the ARC and the Board review the key risk
indicators and risk dashboard and discuss the
status of the risk exposures and risk management
action plans.
The system of risk management is reviewed and,
where appropriate, refined regularly by the
Management, the ARC and the Board.
Internal Controls
Supporting the ERM framework is a system of internal
controls, comprising group-wide governance and
internal control policies, procedures and guidelines
which dictates the segregation of duties, approval
authorities and limits, and checks and balances
embedded in business processes. Fraud risk
management processes and the implementation of
policies, such as the Whistle-blowing Policy and
Employee Code of Conduct, also help to establish a
clear tone from the Management with regard to
employees’ business and ethical conduct. This system
of internal controls is reviewed regularly for continuous
improvement and strengthening of controls.
Internal auditors and external auditors conduct audits
that involve testing the effectiveness of the material
internal controls, covering the areas of financial,
operational, compliance and information technology
(“
IT
”). Any material non-compliance or lapses in
internal controls, together with corrective measures
recommended by internal auditors and external
auditors, are reported to and reviewed by the ARC.
The adequacy and effectiveness of the measures
taken by the Management in response to the
recommendations made by the internal auditors and
external auditors are also reviewed by the ARC. The
results of these audits serve to provide the basis on
the adequacy of Perennial’s internal controls.
