Annual Report 2019
Transport International Holdings Limited 2019 Annual Report

Corporate Governance Report

Risk Assessment

TIH Enterprise Risk Management System

The Group has an Enterprise Risk Management System (“ERM System”) which has the following objectives:

- To provide a systematic approach to the early identification and management of risks;
- To provide consistent risk assessment criteria;
- To make available accurate and concise risk information that informs decision making including business directions;
- To adopt risk treatments that are cost effective and efficient in reducing risk to an acceptable level; and
- To monitor and review risk levels to ensure that risk exposure remains within an acceptable level.

The Group’s ERM System was designed with reference to the COSO ERM framework.

Risk Rating is determined by Impact and Vulnerability. A dynamic risk rating matrix, using both quantitative and qualitative factors, is used to assess risk. A Risk Key Performance Indicator Report (“Risk KPI Report”) is submitted to the Audit and Risk Management Committee every six months. The Group’s major risks as identified by the management are listed in the Risk KPI Report, together with a comprehensive profile of such risks and the monitoring mechanism as established by management.

The Group’s risk management structure is as follows:

TIH Risk Management Framework

Board of Directors

- Evaluates and provides direction to the Group on the nature and extent of the risks that shall be taken in achieving its strategic objectives (i.e. setting the Risk Appetite).
- Ensures review of the effectiveness of the risk management and internal control systems.

Audit and Risk Management Committee

- Ensures that the Risk Management Taskforce (“RMTF”) and Business Lines have fulfilled their duties in establishing and maintaining an effective risk management programme.
- Reviews the Risk KPI Reports semi-annually.

Risk Management Taskforce (“RMTF”)

Comprising the Finance Director and General Manager, Corporate Planning and Business Development (“GM – CP&BD”), the RMTF is chaired by GM – CP&BD.

- Maintains an oversight of the Group’s risk management system, framework and programme.
- Proposes to the Board for approval at least annually enhancements as needed, including those to fulfil regulators’ or governance bodies’ statutory requirements.
- Reviews and/or approves the Risk Inventory in the risk management programme and monitors the Risk KPI Reports.
- Ensures Business Lines of the Group commit sufficient resources to carrying out the risk management exercise.

Individual Department Head/Director (collectively referred to as “Business Lines”)

- Develops policies and controls to effectively embed the Group’s risk management directions into day-to-day operations.
- Promotes the risk-management culture to those working under the Business Lines so that they comply with the risk management policies and procedures when conducting day-to-day operations.
- Identifies the risks associated with business activities (including new business) within his/her own Business Lines, and implements appropriate action plans to manage the identified risks and opportunities.

Internal Audit