2018 UEM Edgenta Annual Report

Summary of Risk Management Activities

Risk management activities that were undertaken at both the Company and subsidiary levels to instil a proactive risk management culture and ownership are as follows:

• Periodic risk awareness briefing, risk identification and mitigating action plans workshops are conducted as continuous efforts to inculcate proactive risk-aware culture within the Group.
• Risk Management Status Reports are produced quarterly at the minimum and are presented to the RMC, ARC and Board of Directors for deliberation and approval.
• Quarterly review and monitoring implementation of risk action plans by the risk management team.
• Identification and reporting of emerging risks and mitigation plans to the RMC, ARC and Board of Directors for deliberation and approval.
• Provides risk management consultation and advisory services to projects, investment and potential business leads.

Ethics and Compliance

Ethics and compliance are the foundation and values in our day-to-day decision-making and business practices. UEM Edgenta is committed to maintaining an effective compliance program consistent with our Code of Conduct and applicable regulations.

Compliance Framework

A Compliance Framework has been formalised and approved by the Board of Directors. Such Framework aims to establish and embed the culture of ethics and integrity, consistent with the values of the organisation and promote the culture of commitment to lawful and ethical behaviour.

Prevent

Governance & Culture
• The ‘tone from the top’
• Clear corporate objectives highlighting integrity and ethical values

Risk Assessment
• Risk identification and assessment
• Regularly reviewed, to include emerging risks

Policies & Procedures
• Clear accessible policies, standards and procedures
• Clear policies and procedures on action following any breach or incident

Training & Engage
• Effective communication of policies, standards and procedures, and of updates and changes
• Open lines of communication for inquiry and help (‘up’ and ‘down’)

Detect

Control Activities
• Procedures established and embedded and control activities occur
• Continuous oversight by 1st line management
• Identification of tools used to manage the risks

Compliance Monitoring
• Timely and ongoing monitoring

Respond

Investigation
• Incident investigation in line with policies and procedures and conducted timely
• Consistent and fair consequence management

Remediation & Reporting
• Reporting results of control activities, monitoring, audits, incidents, and corrective actions including progress reporting
• Corrective actions addressed, tracked and documented

[Figure: Eight Elements of Compliance Framework]
