POLICY ON RISK MANAGEMENT

RISK MANAGEMENT PROGRAM

The Company’s risk management program comprises of a series of processes, structures and guidelines which assist the Company to identify, assess, monitor and manage its business risk, including any material changes to its risk profile.

To achieve this, the Company has clearly defined the responsibility and authority of the Company’s Board of Directors as stated above, to oversee and manage the risk management program, while conferring responsibility and authority on the Company’s senior management to develop and maintain the risk management program in light of the day-to-day needs of the Company. Regular communication and review of risk management practice provides the Company with important checks and balances to ensure the efficacy of its risk management program.

The key elements of the Company’s risk management program are set out below.

RISK IDENTIFICATION

In order to identity and assess material business risks, the Company defines risks and prepares risk profiles in light of its business plans and strategies. This involves providing an overview of each material risk, making an assessment of the risk level and preparing action plans to address and manage the risk.

The Company majorly focuses on the following types of material risks:

• Business risk
• Technological risk
• Operation risk
• Competition risk
• Realization risk
• Financial risk
• Human resource risks and
• Legal/regulatory risk

OVERSIGHT AND MANAGEMENT

Board of directors

The Board of Directors (“the Board”) is responsible for reviewing and ratifying the risk management structure, processes and guidelines which are developed and maintained by Senior Management. The Senior Management may also refer particular issues to the Board for final consideration and direction.

Risk Management Committee, if any

The day-to-day oversight and management of the Company’s risk management program has been conferred upon the risk management Committee, if any or by the Board of Directors of the Company. It is responsible for ensuring that the Company maintains effective risk management and internal control systems and processes and provides regular reports to the Board of Directors on the effectiveness of the risk management program in identifying and addressing material business risks. To achieve this, the Committee / Board is responsible for:

• managing and monitoring the implementation of action plans developed to address material business risks within the Company and its business units, and regularly reviewing the progress of action plans;
• setting up internal processes and systems to control the implementation of action plans;
• regularly monitoring and evaluating the performance of management in managing risk;
• providing management and employees with the necessary tools and resources to identify and manage risks;
• review and monitor technology risks
• review and monitor all other risks as indicated earlier and
• ensuring compliance with regulatory requirements and best practices with respect to risk management.

Senior Management

The Company’s Senior Management is responsible for designing and implementing risk management and internal control systems which identify material risks for the Company and aim to provide the Company with warnings of risks before they escalate. Senior Management must implement the action plans developed to address material business risks across the Company and individual business units.

Senior Management should regularly monitor and evaluate the effectiveness of the action plans and the performance of employees in implementing the action plans, as appropriate. In addition, Senior Management should promote and monitor the culture of risk management within the Company and compliance with the internal risk control systems and processes by employees.

Senior Management should report regularly to the Risk Management Committee, if any / Board of Directors regarding the status and effectiveness of the risk management program.

Employees

All employees are responsible for implementing, managing and monitoring action plans with respect to material business risks, as appropriate

REVIEW OF RISK MANAGEMENT PROGRAM

The Company regularly evaluates the effectiveness of its risk management program to ensure that its internal control systems and processes are monitored and updated on an ongoing basis. The division of responsibility between the Board, the Committee and the Senior Management aims to ensure the specific responsibilities for risk management are clearly communicated and understood.

The reporting obligation of Senior Management and Committee ensures that the Board is regularly informed of material risk management issues and actions. This is supplemented by the evaluation of the performance of risk management program by the Committee, the Senior Management and employees responsible for its implementation.

Risk Management System

The Company has always had a system-based approach to business risk management. Backed by strong internal control systems, the current risk management framework consists of the following elements:

• A combination of policies and procedures brings robustness to the process of ensuring business risks are effectively addressed.
• Appropriate structures have been put in place to effectively address inherent risks in businesses.
• A strong and independent Internal Audit Function carries out risk focused audits across all businesses, enabling identification of areas where risk managements processes may need to be improved. The Audit Committee and the Board reviews internal Audit findings and provides strategic guidance on internal controls. Monitors the internal control environment within the Company and ensures that Internal Audit recommendations are effectively implemented.

The combination of policies and processes as outlined above adequately addresses the various risks associated with our Company’s businesses. The Senior Management of the Company periodically reviews the risk management framework to maintain its contemporariness so as to effectively address the emerging challenges in a dynamic business environment.

AMENDMENT

Any change in the Policy shall be approved by the Board of Directors or any of its Committees (as may be authorized by the Board of Directors in this regard). The Board of Directors or any of its authorized Committees shall have the right to withdraw and / or amend any part of this Policy or the entire Policy, at any time, as it deems fit, or from time to time, and the decision of the Board or its Committee in this respect shall be final and binding. Any subsequent amendment / modification in the Listing Regulations and / or any other laws in this regard shall automatically apply to this Policy.