DIGI - Annual Report 2021

Statement on Risk Management and Internal Control

Pursuant to Paragraph 15.26 (b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad (Bursa Malaysia), the Board of Directors of listed companies is required to include in their annual report, a statement about the state of risk management and internal control of the listed issuer as a group. Digi Board of Directors (the Board) is pleased to provide the following statement that has been prepared in accordance with the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers endorsed by Bursa Malaysia. The Statement outlines the nature and scope of risk management and internal control within Digi during the financial year under review.

RESPONSIBILITIES AND ACCOUNTABILITIES

The Board acknowledges its responsibility for the establishment as well as oversight of Digi’s risk management framework and internal control systems. The risk management framework and internal control systems are designed to identify, assess and manage risks that may impede the achievement of business objectives and strategies. The Board also acknowledges that the internal control systems are designed to manage and minimise, rather than eliminate, occurrences of material misstatement, financial losses or fraud.

The Board, through the Audit and Risk Committee (ARC) periodically reviews the effectiveness and adequacy of the risk management framework and internal controls by identifying, assessing, monitoring and reporting key business risks with the objective to safeguard shareholders’ investments and Digi’s assets.

Management is responsible for implementing Board approved policies and procedures on risk management and internal controls by identifying and evaluating risks faced and monitoring the achievement of business goals and objectives within the risk appetite parameters.
RISK MANAGEMENT

Digi’s risk management framework provides the foundation and process on how risks are managed across Digi. Our process is broadly based on ISO 31000:2018. Risk management responsibilities in Digi are defined in the framework, where the Risk Management function is responsible for implementing the enterprise risk management process. The key role of Digi’s Management Team (Management) is to identify significant threats and opportunities, evaluate the risk profile and drive mitigation strategies on a regular basis. All line managers are required to assume responsibility for risk management within their areas of responsibility and ensure that risk management is embedded in the day-to-day business and decision-making processes.

The diagram below illustrates the roles and responsibilities of risk management practices across Digi.

Roles & Responsibilities of Managing Risks:

MANAGE by First Line of Defence
• Business/function owners who own & manage risks
Business policy, procedures & controls implementation

OVERSEE by Second Line of Defence
• General functions oversee & report on risks
• Advisor to first line
Governance policy, procedures & controls implementation

ASSURANCE by Third Line of Defence
• Internal audit provides independent assurance
• Advisory role to improve processes
Ensure first-tier and second-tier defence operate as expected

EXTERNAL ASSURANCE by Fourth Line of Defence
• External auditors, regulators or agencies compliance checks
Highest level of oversight
