PROPOSED RISK MANAGEMENT FRAMEWORK

Introduction

This framework establishes the process for the management of risks faced by TSR Capital Berhad and its subsidiary companies (“TSR Group” or “the Group”). The aim of risk management is to maximise opportunities in all TSR Group activities and to minimise adversity.

The framework applies to all activities and processes associated with the normal operation of TSR Group.

It is the responsibility of all Board members and staff to identify, analyse, evaluate, respond, monitor and communicate risks associated with any activity, function or process within their relevant scope of responsibility and authority.

Definitions

  1. Risk

    Risk is a threat of event, action or loss of opportunity that, if it occurs or crystallises, will adversely affect any or a combination of the following:

    • Value to TSR’s shareholders and other stakeholders;
    • Ability to achieve objectives;
    • Ability to implement business strategies;
    • Manner in which operations are conducted; and
    • TSR Group’s reputation.

    2.  

  2. Enterprise Risk Management (“ERM”)

    ERM is a structured and disciplined approach to align strategy, processes, people, Technology, and knowledge with the purpose of evaluating and managing the risks the Group faces as it creates value.

    ERM shall be a core management competency that incorporates a well-structured systematic process to identify business risks and lessen their impact on the Group.

    ERM involves the following core elements:-

    • Identification of each business risk; and
    • Measurement of the identified business risk by assessing the likelihood and impact of risks as follows:
      1. Likelihood measures the expected frequency of a risk occurring or materialising.
      2. Impact measures the expected level of effect of a risk occurring, taking into considering current control strategies or risk treatments in place.
      3. Net risk should reflect the likelihood and impact having regard to the existing process and procedures which are adopted by the businesses and functions together with impact of any new controls implemented.
    • Control or the way the risk is managed in line with the needs of TSR Group’s policies and strategies.

      The selection and implementation of appropriate management
actions for dealing with risk is the responsibility of the risk owner. A risk owner is a named individual accountable for all aspects of the risk including assessment, evaluation, monitoring and reporting.

      Where current controls are deemed ineffective and therefore warrant action, appropriate control improvements and actions plans will be developed by Management.

      It is not the Company’s policy to eliminate risk which would result in an uncommercial result for the business, rather to manage it consistently within the levels considered acceptable by the Board.

    • Constant monitoring and communicating of risks associated with any activity, function or process in a way that will enable TSR Group to minimise losses and maximise opportunities.

    3.  

  3. Risk Management Policy
    The following outlines the TSR Group’s risk management policy:

    • To weigh business against the philosophy that business risks would be deliberately incurred if the associated rewards are expected to enhance the Group’s shareholder value;
    • To ensure risks which may have a significant impact upon the Group are identified in a manner which would result in their expeditious treatment;
    • To provide reasonable assurance to the Group’s stakeholders that the probability of attaining its objectives would be enhanced by performing risk assessment exercise;
    • To manage risks by adopting best practice methodologies for the identification analysis, evaluation, reporting, treatment and monitoring of risks;
    • To provide an assurance regarding the extent of its compliance with regulatory requirements and the policies and procedures contained within this document; and
    • To communicate and provide the necessary resources, structures, system and training to ensure this policy is understood, implemented and mainlined at all levels. All staff are responsible for managing risks.

    4.  

  4. Risk Management Procedure
    1. Outline the Group’s risk context which comprises group’s philosophies, strategies and policies, and operating system so as to better manage the business risks faced by the Group.
    2. Establish the context for an ERM framework within TSR Group.
    3. Formalise the ERM function across TSR Group.
    4. Sensitise staff more strongly to risk identification, measurement, control, ongoing monitoring, responsibilities and accountabilities.
    5. Coordinate and standardise the understanding and application of ERM within the TSR Group.
    6. Provide guiding ERM principles to Head of Division to govern the action of their operating personnel pertaining to risks.
    7. Head of Division evaluates all business risks of the respective business units.
    8. Audit Committee reviews and evaluates the significant risk issues and/or major changes highlighted by Head of Division and reports the same to the Board the significant risks faced by TSR.
    9. Review risk management policy periodically to ensure that it is always consistent with the business and market environment that TSR Group is faced with.

    5.  

  5. Responsibility For Risk Management
    While managers are accountable for risk management at their particular level, responsibility for good risk management rests with every staff member. This includes going about jobs in a careful and conscientious manner that contributes to the high ethics and culture within the Group.

    The individual accountability for risk management responsibilities has been addressed by the applicable laws and regulation that bind management and staff, as well as by each Company’s Constitution, internal policies and procedures, limit of authority, individual employment contracts, the general corporate policies and the guidelines for specific operations, divisions or business units.