HAW PAR CORPORATION LIMITED
40
Risks are analysed and assessed in terms of risk impact and risk likelihood. Risk impact includes financial, operational
(business interruption), regulatory/legal and reputational impact. Risk likelihood includes both quantitative and qualitative
appraisals and classified as ‘Low’, ‘Moderate’, ‘High’ and ‘Critical’. Management evaluates the options and controls needed
to deal with identified risks, depending on the risk impact, likelihood and related costs and benefits. The AC monitors the
Risk Management Committee’s activities on behalf of the Board.
Risks are broadly categorised as follows:
Strategic risks
These include most of the inherent risks of each operating unit and the relevant macro-environment such as competition
and epidemic outbreak risks. All such risks are reported to the AC and the Board. Measures taken to reduce risks include
diversifying either geographically or in product offerings, putting in place business continuity plans and ensuring sufficient
insurance coverage for various types of risks.
Operational risks
These relate to day-to-day operations and include effective and efficient use of the Group’s resources. Operational risks include
security threats, employee attrition and brand protection. The general manager of each operating unit implements policies
and procedures to monitor such risks.
Compliance risks
Each operating unit is subject to various degrees of regulatory controls, particularly the Healthcare division. Compliance with
local laws and regulations in various geographical locations is monitored by the operating unit and the functional departments
in Singapore.
Financial risks
Financial risks are mitigated by using appropriate hedging instruments when necessary and actively managing foreign exchange
and credit exposures. Further details on managing financial risks are disclosed in Note 26 on Page 96 of the Annual Report.
The operations of the Group do not require complex use of information technology or data. Thus the risks in this area are
not material.
The Board reviews the adequacy and effectiveness of the Company's risk management and internal control systems, including
financial, operational, compliance and information technology controls.
For the year under review, the Board has received assurances from the CEO and the CFO:
(a)
that the financial records have been properly maintained and the financial statements give a true and fair view of the
Company’s operations and finances; and
(b)
that the Company’s risk management and internal control systems are adequate and effective in all material respects
as at 31 December 2014.
Based on work performed by the internal and external auditors and reviews undertaken by the Risk Management Committee
and the AC, the Board, with the concurrence of the AC, is satisfied that the internal controls addressing financial, operational,
compliance and information technology risks, and risk management systems and processes were adequate and effective for
the Group as at 31 December 2014.
The Group’s internal controls and risk management systems provide reasonable, but not absolute, assurance that the Group
will not be adversely affected by any reasonably foreseeable event. The Board recognises that no system of internal controls
and risk management can provide absolute assurance.
CORPORATE GOVERNANCE REPORT
(CONTINUED)
