Page 20 - SAGT Sustainability Report 2021

SOUTH ASIA GATEWAY TERMINALS (PVT) LTD

GOVERNANCE

Prudent risk management is critical to SAGT’s operations; thus, a well-structured risk management process is in place to identify potential risks and ensure their mitigation.

Risk Identification

Risk events are defined as events which, should they occur, may be detrimental to SAGT’s ability to meet its stated objectives.

SAGT classifies risk events in the following ways:

• Common Risks – these are the risks commonly identified during departmental RCSAs. These risks are then incorporated into the Company’s consolidated risk grid and are assigned a rating.

• Department-specific Risks – these are risks that apply to individual departments.

• Core Risks – core risks are defined as those that carry catastrophic impact both to and from the Company; typically, these risks are categorized as having a very low or nil probability of occurrence. These risks, should they occur, are a threat to the sustainability or long-term viability of the business.

Risk Rating

SAGT applies a rating system to determine the level of risk of each risk event:

• Likelihood of occurrence – the rating of the probability of occurrence from 1 to 5

• The severity of impact – the rating of the impact to the business from 1 to 5

• The velocity of risk – the assessment of the speed at which the impact of the risk would hit the organisation

‘Residual Risk’ is the overall level of risk assigned having given due consideration to all risk control and mitigation measures that are in place already.

Risk Mitigation and Monitoring

Within the risk management framework, each risk event identified will have a corresponding mitigation action, which may be classified as preventive, detective or corrective action. Each risk event is assigned a Risk Owner who is responsible for managing the particular risk and the plans to mitigate it.

Departmental RCSAs are reviewed every quarter; individual departments hold responsibility for carrying out such review and communicating the status to the management committee so that individual risk ratings may be updated, consolidating the Company’s overall RCSA for the quarter.

Risk Reporting

The Head of Internal Audit Risk and Compliance is responsible for the tracking and analysis of changes in the SAGT risk rating system over time, as well as engaging in risk profiling and the tracking of incident reporting. Company-specific risks, as well as risks common to the sector and the industry, are then analysed and reviewed by the Senior Management Team, the Executive Committee and finally by the Audit Committee.

Internal Compliance

The CEO and CFO confirm compliance with statutory and other regulatory procedures during a self-certification programme conducted quarterly. They are also required to identify any significant deviations from the expected norms.

System of Internal Control

Internal controls entail the Senior Management Team and Executive Committee together with the Head of the Internal Audit and the Risk and Compliance Division obtaining assurances on the presence and proper functioning of systems that are designed to safeguard the Company’s assets.

The system of internal controls includes:

1. Clearing all transactional entries in a timely manner, and ensuring complete reconciliation,

2. Subjecting unreconciled and open entries to scrutiny and formally flagging them to the Audit Committee,

3. Ensuring the efficient management and tracking of cash and cheque deposits, in keeping with international best practices

4. Continuously streamlining the Internal Audit function by optimizing focus areas

Segregation of Duties (SoD) under Sarbanes-Oxley (SOX) Guidelines

The Company is aware of the need to ensure that no individual has unfettered system access to execute transactions across an entire organisation and as such has enforced critical approval linkages with a clear segregation of duties to prevent fraud, material misstatements, manipulation of financial statements and avoid the leakage of sensitive information to the public domain, among other things.

Senior Management Team (SMT) and Management Committee (MC)

The Company’s SMT and MC are collectively responsible for carrying out monthly operational reviews, and productivity and efficiency reviews, as well as for the quarterly review of SAGT’s economic, environmental and social impacts arising from the daily operations. The MC is further tasked with increasing engagement with the various internal stakeholders and in ensuring employee engagement and empowerment.

The underlying intention of forming the SMT and MC is to encourage responsibility and accountability at a more granular level by