Page 122 - KWAP_Integrated-Report_2023
P. 122

ENRICHING tHE FUtURE  ENRICHING NAtIoNAL PRoGRESS  ENRICHING StAKEHoLDER VALUE   ENRICHING SUStAINABLE IMPACt


          StAtEMENt ON RISK MANAGEMENt

          AND INtERNAL CONtROL (CONtINuED)


          As to support and complement the ERM framework and   Operational Risk Event Reporting
          policy, there are two approaches in managing enterprise-
          wide risk in KWAP:                                KWAP utilises Operational Risk Event (ORE) reporting to
                                                            effectively respond and manage operational losses arising
            Develop and maintain a Corporate Risk Profile (CRP)  from the actual risk events. In addition to monitoring
                                                            risk related incidents, ORE report is used to identify root
           CRP has been used as a platform with a consistent   cause of the incidents and make necessary enhancements
           approach in identifying, assessing, managing and reporting   to prevent similar incidents from occurring.  When
           risks relevant to KWAP in its pursuit to achieve its strategic   implemented effectively, the positive outcomes of ORE will
           objectives and target outcomes.                  not only produce better responses to risk events but also
                                                            lead to better management of risks.
            Develop and maintain multiple Departmental Risk   In 2023, there were no risk events that had significantly
                           Profile (DRIP)                   impacted KWAP’s operations, as majority of the OREs were
           Although risk management is a continuous process   promptly rectified. Proactive measures that were taken to
           of identification, assessment and management, the   address the reported OREs are amongst others as follows:
           departmental-level risk oversight is done annually,
           through DRIP assessment where participation from   •   Facilitated discussions with multiple parties to mitigate
           all departments and functions are required. Each    the risk and avoid recurrence of incident;
           department or function is represented by Risk Liaison   •   Root cause analysis and validation on the key process
           Officers (RLOs), who are the risk champions in their   on the  risk events  to enhance  risk controls  and to
           departments and functions. During a DRIP assessment,   ensure clearly defined roles and responsibilities of
           the RLOs from  each department and functions  within   parties involved;
           KWAP  conduct  assessments  of  their  own  areas  of
           responsibility to identify potential risks, evaluate the   •   Presented  the  OREs  reported  at  Senior  Leadership
           effectiveness of existing controls in managing those   Committee (SLC), Risk and Compliance Committee
           risks and propose improvements or additional controls   (RCC) and BRCC meetings to ensure all issues were
           where necessary. KWAP leverages DRIP as a proactive   properly addressed; and
           approach  to  risk  management,  allowing  departments
           and functions to identify and address potential issues   •   Tracked  and  monitored  outstanding  OREs  with
           down to the nitty gritty details before they have the   respective parties to ensure mitigation actions are in
           chance to escalate into more significant problems.  place to minimise recurrence of the incident.

                                                            Fraud Risk Management Programme
          These approaches should methodically address all the
          risks associated with KWAP’s activities and consequently   Fraud Risk Management Programme (FRMP) was
          deliver benefits related to having a better-informed   developed to demonstrate the expectations of the Board
          strategic decision making, successful delivery of change   and Senior Management; and their commitment to high
          and increased operational efficiency.             integrity and ethical values regarding managing fraud and
          OPERAtIONAL RISK MANAGEMENt (ORM)                 corruption risk in KWAP. The KWAP’s FRMP comprises
                                                            of policy and guidelines, training and awareness
          ORM in KWAP focuses on identifying, assessing and   programme and departmental fraud and corruption risk
          mitigating risks associated with business operations. It is   assessment.
          an integral process of ERM that aims to manage potential
          and actual loss resulting from inadequate or failed internal   Pursuant to the establishment of Integrity and governance
          process, people, systems or from external events. It   Office (IgO) in 2019, Corruption Risk Management (CRM)
          includes, but is not limited to, fraud, physical damage,   has been embedded into the risk management framework.
          business disruption, transaction failures, legal and   The RMCD and the IgO have worked collaboratively on
          regulatory breaches as well as employee health and safety   the fraud and corruption risk assessment exercise and
          hazards. Suboptimal management of operational risk may   conducted workshops for all departments, functions and
          result in reputational risk to KWAP.

          120  KUMPULAN WANG PERSARAAN (DIPERBADANKAN)  i  INtEGRAtED REPoRt 2023
   117   118   119   120   121   122   123   124   125   126   127