Page 36 - KWAP_Integrated-Report_2023

ENRICHING THE FUTURE  ENRICHING NATIONAL PROGRESS  ENRICHING STAKEHOLDER VALUE  ENRICHING SUSTAINABLE IMPACT



PRINCIPAL RISKS (CONTINUED)





R3  Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, systems or from external events that impact the aforesaid. It encompasses a wide range of risks associated with the day-to-day operations of an organisation, which include but are not limited to fraud, physical damage, business disruption, transaction failures, legal and regulatory breaches as well as employee health and safety hazards. It may also impact other risks such as KWAP’s reputational risk.

Risk Category: Traditional Risk

Our response:
•   Implement a robust and sound internal control environment throughout the organisation.
•   Cultivate a tone-from-the-top culture that prioritises compliance with regulations and ethical behaviour.
•   Reinforce strong governance in operations through internal policies, guidelines and standard operating procedures.
•   Utilise Operational Risk Event (ORE) Reporting to effectively respond to and manage operational losses arising from actual or potential risk events.
•   Implement a robust Fraud Risk Management Programme (FRMP) to identify, assess and manage fraud risk, including corruption, in an optimal manner to ensure adequate prevention and detection measures are in place and to safeguard KWAP’s assets, reputation and stakeholders’ trust.

R4  Business Continuity Risk

Business continuity risk is the risk of unexpected events and potential threats that could adversely affect KWAP’s ability to continue its critical business operations and deliver its products and services to meet the needs and expectations of its stakeholders. The threats may include failure in internal systems or human error, cyber attacks, pandemics or natural disasters, which may cause financial losses, damage to reputation, regulatory non-compliance and decreased stakeholder confidence.

Risk Category: Traditional Risk

Our response:
•   Implement Business Continuity Management (BCM) to ensure continuity and recovery of the critical business process in a timely manner.
•   Design and test a comprehensive BCM Plan, which includes:
    i.   Perform planned and surprise BCM exercises involving critical systems and business functions in live and non-live environments.
    ii.  Conduct call tree exercises to test and enhance communication protocols and response procedures during simulated emergency scenarios.
    iii. Mobilise KWAP personnel to an alternate site for the purpose of executing system recovery and critical business functions.
•   Conduct an annual review of the enterprise Risk Assessment (RA) and departmental Business Impact Analysis (BIA).












34  KUMPULAN WANG PERSARAAN (DIPERBADANKAN)  |  INTEGRATED REPORT 2023