71
ANNUAL REPORT 2016
Statement on Risk Management & Internal Control
Events Identification
All existing and potential events affecting the achievement of the Group’s objectives must be identified, distinguishing between risks and opportunities.
Opportunities are channeled back to management’s strategy or objective-setting processes
Risks Assessment
Identified risks are analysed to form a basis for determining how they should be managed, and are assessed on an inherent and a residual basis using
qualitative techniques followed by more quantitative analysis of the most important risks through risk matrix analysis
Impact
Risk Management Actions
Significant
Considerable
management
required
Must manage
and monitor
risks
Extensive
management
essential
Moderate
Risks may be
worth accepting
with monitoring
Management
effort
worthwhile
Management
effort required
Minor
Accept risks
Accept, but
monitor risks
Manage and
monitor risks
Low
Medium
High
Likelihood
Risks Response
The risk management strategy to response to risks can be: avoiding, accepting, reducing, sharing, transferring, monitoring and/or controlling the risks,
and involves developing a set of actions to align risks with the Group’s risk tolerances and risk appetite
Control Activities
Control activities through policies and procedures that contribute to the mitigation of risks to the achievement of objectives to acceptable levels, shall
be developed and deployed on a timely and appropriate manner
Information & Communication
Relevant information shall be communicated in a form and timeframe that enables all people within the Group to carry out their responsibilities.
Effective communication also occurs in a broader sense, flowing down, across and up the Group so to ensure personnel receive clear communications
regarding their role and responsibilities in risk management and internal control processes
Monitoring
The risk management and internal control processes shall be closely monitored, and modifications be made as necessary. Monitoring is accomplished
through ongoing management activities, separate evaluations, or both
Monitoring
Event
Identification
Risk
Assessment
Risk
Response
Control
Activities
Information &
Communication
The Directors, management and staff of Bonia Group are guided by the following risk management and control processes in identifying, assessing,
responding, controlling, communicating and monitoring of risks on an ongoing basis:
