40
HAW PAR CORPORATION LIMITED
CO R P O R AT E GOV E R NAN C E R E P O R T
(CONTINUED)
The Risk Management Committee is chaired by the CEO and comprises an Executive Director, the Chief Financial Officer
(“CFO”), the Internal Audit Manager and Group General Manager. It performs the following roles:
• oversees the development of risk management policies;
• provides overall leadership, vision, framework and direction for risk management;
• promotes a risk management culture through human resources, use of technology and organisation structure;
• monitors the effectiveness of risk management and makes refinements as and when necessary;
• ensures that any risks are properly addressed; and
• reports to the AC and the Board twice a year on risk management activities and attestation undertaken (if any).
Risks are analysed and assessed in terms of risk impact and risk likelihood. Risk impact includes financial, operational (business
interruption), regulatory/legal and reputational impact. Risk likelihood includes both quantitative and qualitative appraisals
and classified as ‘Low’, ‘Moderate’, ‘High’ and ‘Critical’. Management evaluates the options and controls needed to deal
with identified risks, depending on the risk impact, likelihood and related costs and benefits. These risks are reviewed both
against the entity level parameters and from the Group’s perspective. The AC monitors the Risk Management Committee’s
activities on behalf of the Board.
Risks are broadly categorised as follows:
Strategic risks
These include most of the inherent risks of each operating unit and the relevant macro-environment such as competition
and epidemic outbreak risks. All such risks are reported to the AC and the Board. Measures taken to manage risks include
diversifying either geographically or in product offerings, putting in place business continuity plans and ensuring sufficient
insurance coverage for various types of risks.
Operational risks
These relate to day-to-day operations and include effective and efficient use of the Group’s resources. Operational risks
include security threats, employee attrition and brand protection. The general manager of each operating unit implements
policies and procedures to monitor such risks.
Compliance risks
Each operating unit is subject to various degrees of regulatory controls, particularly the Healthcare division. Compliance
with local laws and regulations in various geographical locations is monitored by the operating unit and the functional
departments in Singapore.
Financial risks
Financial risks are mitigated by using appropriate hedging instruments when necessary and actively managing foreign exchange
and credit exposures. Financial risks are monitored by the Investment Committee. Generally, the Group is conservative in its
financial dealings and do not engage in speculative instruments that would expose the Group to unnecessary financial risks.
The operations of the Group do not require complex use of information technology or data. Thus the risks in this area are
not material.
The Board reviews the adequacy and effectiveness of the Company’s risk management and internal control systems, including
financial, operational, compliance and information technology controls.
For the year under review, the Board has received assurances from the CEO and the CFO:
(a) that the financial records have been properly maintained and the financial statements give a true and fair view of the
Company’s operations and finances; and
(b) that the Company’s risk management and internal control systems are adequate and effective in all material respects as
at 31 December 2015.
Based on work performed by the internal and external auditors and reviews undertaken by the Risk Management Committee
and the AC, the Board, with the concurrence of the AC, is of the opinion that the internal controls addressing financial,
operational, compliance and information technology risks, and risk management systems and processes were adequate and
effective for the Group as at 31 December 2015.
