Page 19 - SAGT Sustainability Report 2022 2023

SUSTAINABILITY REPORT 2020/21

The scope of functions and responsibilities is adequately set out in the terms of reference of the Committee, which has been approved by the Board and is reviewed annually. The Committee’s responsibilities pertain to the Company as a whole in discharging its duties.

Internal Audit, Risk and Compliance Division

The Internal Audit, Risk and Compliance Division regularly reports to the Audit Committee on the adequacy and effectiveness of the Company’s internal control systems in line with established policies and procedures as well as on meeting SAGT’s regulatory compliance requirements. Follow-up actions taken based on recommendations and any other significant matters are documented and presented to the Audit Committee every quarter by the Head of Audit, Risk and Compliance. Internal Audit assignments are primarily outsourced to leading professional firms under the supervision of SAGT’s Internal Audit, Risk and Compliance Division.

Matters related to Enterprise Risk Management also fall under the purview of the Head of Internal Audit, Risk and Compliance, who is required to identify, assess and manage all significant risks faced by the Company. The Head of Internal Audit, Risk and Compliance reports to the Audit Committee and the Executive Committee regarding risk-related matters.

The Head of Internal Audit, Risk and Compliance is further expected to obtain formal assurances every quarter from the Company’s senior management regarding the efficacy and status of the internal control and risk management systems, along with a confirmation regarding the status of compliance with applicable laws and regulations applicable to their respective oversight areas. The effectiveness and resource requirements of the Audit, Risk and Compliance division are reviewed by the Audit Committee and changes effected as needed.

Risk Management

Risk Management forms an integral part of SAGT’s overall Governance Framework, working alongside other governance systems and processes.

Enterprise Risk Management (ERM) Process

The ERM process at SAGT takes a bottom-up approach and begins at a departmental level. The following diagram depicts the process flow of risk management activities and reporting across the organisation.

[Diagram: ERM process flow. Labels recoverable from the figure:
SAGT Risk Universe, Headline Risks: External Environment; Business Strategies and Policies; Business Process; Organisation and People; Analysis and Reporting; Technology and Data; Sustainability and CSR.
Process stages: Risk Presentation; Risk Validation; Risk Normalisation; Risk Identification.
Organisational levels: Board of Directors/Executive Committee/Audit Committee; CEO and Senior Management Team; Management Committee; Departments; Operational Units/Management Bodies.
Review and reporting: SAGT Risk Review, Report, Feedback and Action; Company and Department Risk Review; Department Risk Review, Report and Action.
Report Content: Enterprise Risk Management; Sustainability Integration; Audit Review.]

RISK MANAGEMENT STRATEGY

Prudent risk management is critical to SAGT’s operations. Thus, a well-structured risk management process is in place to identify potential risks and ensure their mitigation. Risks are documented and recorded through the departmental Risk Control Self-Assessment (RCSA) documents and through the Company-wide RCSA, and the key risks thus identified are managed by:

1.	 Identifying any and all risks the Company may face in striving to achieve its strategic and operational objectives

2.	 Assessing any existing processes/controls to mitigate relevant risks

3.	 Determining the level of each risk through a net risk rating where each individual risk is assessed to determine the likelihood of occurrence, the impact and its velocity within the Company’s existing risk control framework

4.	 Identifying any further appropriate controls/improvements and mitigation strategies for each risk event

5.	 Assigning a Risk Owner for every risk event

6.	 Auditing all departmental RCSAs to ensure appropriate mitigation plans are in place at all times