Page 119 - KWAP_Integrated-Report_2023
P. 119

ENRICHING PERFORMANCE AND COMMITMENTS  ENRICHING ACCOUNTABILITY AND INTEGRITY  ENRICHING RESILIENCE AND SUSTAINABLE GROWTH  OTHER INFORMATION


          StAtEMENt ON RISK MANAGEMENt

          AND INtERNAL CONtROL


          OVERVIEW                                          (ii)  The second line of defence comprises risk management,
                                                               compliance and control functions that support and
          In line with KWAP’s expansion over the last 17 years, in   oversee the first line. Their role is to provide guidance,
          both  investment  and  non-investment  activities,  our  risk   monitoring and ensure effective risk management and
          profile has also evolved, as the organisation grew both in   sound controls processes are in place.
          size and complexity. Recognising that a dynamic external
          environment presents  multiple threats  and opportunities   (iii)  The third line of defence is the internal audit function
          to KWAP in meeting KWAP’s mission and vision, we     that provides to the Board, independent and objective
          have invested in building risk management capacity and   assurances  of  the effectiveness  and  adequacy  of
          capabilities to support KWAP in meeting its strategic   governance, risk management and internal control
          objectives. We are committed to moving forward, assessing   processes.
          risks, managing threats and seizing opportunities for value
          creation, all the while protecting KWAP and its stakeholders.  We believe and invest in our people, develop clear governing
                                                            policies and ensure robust and risk-aware operational
          RESPONSIBILItY                                    processes (with significant investment in systems to ensure
                                                            adequate control and automation). Underlying all this is a
          The Board recognises its overall responsibility in reviewing   robust governance structure to ensure the segregation of
          and maintaining a sound internal control process and robust   reporting lines between departments in KWAP to prevent
          risk management practices to ensure good corporate   conflicts of interest and ensure the independence and
          governance. Both elements are designed to manage and   integrity of the different functions or roles in KWAP.
          mitigate risks within acceptable risk tolerance levels whilst
          in compliance with the statutory mandate, objectives and   RISK MANAGEMENt FRAMEWORK
          the established policies and procedures of KWAP.
                                                            The risk management framework is anchored on the
          The Board also recognises the ongoing process to evaluate   adoption of Enterprise Risk Management (ERM) as the
          the effectiveness and integrity of the internal controls via   core strategy across the enterprise. KWAP adopts the
          the identification, assessment and management of risks   International Organisation for Standardisation (ISO)
          faced by KWAP. In view of the inherent limitations in any   31000:2018 ERM Standard (ISO Standard), as a framework
          form of internal control, this is designed to manage rather   that guides the organisation  in managing  its risks. This
          than eliminate the risk of failure in the achievement of goals   approach is designed to identify potential events that may
          and objectives of KWAP.                           adversely affect KWAP and manage risks within KWAP’s
                                                            risk appetite, thus providing reasonable assurance on
          The internal controls are reviewed and updated from time-  KWAP being able to achieve its organisational objectives.
          to-time, to align with the dynamic changes in the business
          environment or the risks faced by KWAP. The Board   RISK GOVERNANCE
          acknowledged the Management team’s responsibility to
          implement the Board policies, procedures and processes   We remain very prudent in managing the risk in our
          for sound internal controls and effective risk management.  investment and non-investment activities, guided by the
                                                            “tone from the top” as articulated in the KWAP’s Risk
          In managing risk and internal control processes, KWAP   Appetite Statement (RAS). The RAS defines KWAP’s
          adopts the three lines of defence model in which:  overarching attitude toward investment and non-investment
                                                            activities, thereby guides KWAP strategy and decision-
          (i)  Primary responsibility, or the first line of defence, is   making process. RAS also sets out KWAP’s capability and
             with the individual and functions that are responsible   capacity to take risk in the context of investment objectives
             for directly managing risks within the business units.   and risk tolerance. The RAS is complemented by a robust
             They are  accountable  for identifying,  assessing  and   governance structure and is further enhanced by a series
             mitigating risks, via the implementation of sound   of frameworks, policies, guidelines, and standard operating
             internal controls, in their day-to-day activities.   procedures.

                                                                                                         117
   114   115   116   117   118   119   120   121   122   123   124