Page 74 - HRC_Annual_Report_2023
P. 74

72     About HRC                 Value Creation            Management Discussion     Leadership
                                                                  & Analysis


            STATEMENT ON RISK MANAGEMENT AND
            INTERNAL CONTROL




                The Board of Directors (Board) of Hengyuan Refining Company Berhad (Company or HRC) is
                committed to maintaining a sound internal control and risk management system to ensure the
                smooth running of the business. It is HRC’s aim to manage its risks and to control its business
                and financial affairs economically, efficiently and effectively so as to be able to deliver profitable
                business outcomes in a disciplined way, to avoid or mitigate risks that can cause loss, reputational
                damage or business failure, and to enhance our resilience to external events.
                The following statement outlines the nature and scope of HRC’s internal control and risk
                management in 2023.



            BOARD’S RESPONSIBILITY                               risk management system. Management is accountable for
                                                                 regularly assessing that the systems continue to operate
            The Board affirms its overall responsibility for HRC’s risk   efficiently and effectively.
            management and the internal control system, and for reviewing
            the system’s adequacy and integrity. The Board recognises
            that this system is designed to manage, rather than eliminate,    RISK MANAGEMENT
            the risks of not achieving HRC’s objectives and adhering to    The energy landscape continues to be shaped by the
            the policies. Due to the inherent limitations, the system can     geopolitical influence in particular the events in Ukraine and
            only provide reasonable and not absolute assurance against   the Red Sea tension. Macroeconomic variables such as
            material misstatement, fraud or loss or the occurrence of   high  interest  rates, weakening  ringgit,  rising  material  costs,
            unforeseeable circumstances.                         and evolving policies and regulations of Net-Zero emission by
                                                                 2050 are impacting the energy sector.
            The Board Audit Committee (BAC) assists and supports the
            Board’s responsibility of overseeing the suitability, objectivity and   The Risk and Integrity Department oversees the risk
            independence of the Company’s external auditor and internal   management function within HRC. The main objective of risk
            audit function. The adequacy of the HRC Control Framework     management is to promote advanced awareness and define
            and  effectiveness  of  the  internal  control  system  has  been    boundaries for risk-taking, and to apply fit-for-purpose risk
            reviewed and endorsed by the BAC based on the assurance   responses in order for HRC to provide a reasonably sufficient,
            provided by management, the internal and external auditors.   but not an absolute assurance, against material misstatements,
            Audit issues and actions taken by  Management to address     fraud or loss. In addition, it allows HRC to operate and achieve
            the issues tabled by the auditors during the year were     its objectives, within an acceptable risk profile.
            deliberated on during the BAC meetings.
                                                                 Fit-for-purpose risk responses are primarily intended to:
            The Board Risk Management Committee (BRMC) provides   •  Minimise  the  likelihood  of  a  risk  occurring  by  actively
            oversight and direction on risk management matters including   managing the sources of the risk and ensuring competent
            bribery and corruption risk to ensure prudent risk management   people are overseeing the risk on a regular basis; and
            over HRC’s business and operations. Management has
            conducted a systematic and comprehensive evaluation of   •  Mitigate the impact of a risk should it arise, often through
            the Key Risk Areas which were deliberated and presented to    the application of some forms of alert that the risk has
            the BRMC. The implementation of risk controls is monitored,    materialised, followed by the initiation of a contingency or
            and the results are presented during the quarterly     recovery plan to reduce the potential consequences and
            BRMC meetings.                                         also future occurrences.

            Internal control and risk-related matters which warrant the   HRC adopts the best practices from MS ISO 31000:2020
            attention of the Board are recommended by the BAC and     Risk Management to manage the risks of its business and
            BRMC to the Board for its deliberation and approval.  operations. HRC has an established and structured process
                                                                 for the identification, assessment, treatment, communication,
            MANAGEMENT’S ROLE                                    monitoring and continual review of risks and the effectiveness
                                                                 of risk mitigation strategies and controls.
            Whilst the Board assumes responsibility for HRC’s internal
            controls and risk management, the Management holds the
            key role in the implementation of the internal controls and
   69   70   71   72   73   74   75   76   77   78   79