Group Risk Policy

The objective of this Group Risk Policy is to outline the principles and the Board’s and
Management Responsibilities on risk management.


the risk management objective of the Group is to ensure that aformal, sturctured, documented and integrated risk management framework is in place in order to achieve the following objectives:

  • Management is proactive in predicting and detecting changes faster and more
    prepared to face risks and opportunities;
  • Staff members appreciate the impact of their jobs to the organisation;
  • Business is sustainable without dependency;
  • Risk oversight is minimized; and
  • Ethic, quality and efficiency are improved in operations.

The Board however, recognizes that a sound system of risk management and internal control could only provide reasonable, but not absolute assurance and could not eliminate, the possibility of occurrence of unforeseeable circumstances.


At Ekovest the key responsibilities of the Board in risk management are:

i. To approve the board’s acceptable risk appetite and risk measurement parameters;

ii. To review risk management framework, policies, processes, responsibilities and actions;

iii. To review the status of risk and management’s action plan and assess whether risks are managed adequately and effectively;

iv. To solicit feedback on the adequacy and effectiveness of risk management and internal control from the Executive Directors, Management, Internal Auditors and External Auditors at least annually; and

v. To review and ensure that risk disclosure in the annual report are made in compliance with the provisions of the authority.

The Board may delegate its risk management oversight role to a board committee, if needed. In order to assist the Board to discharge these responsibilities, the Board has delegated the above


The Board adopts the ISO 31000: Risk Management as the principle guideline for the risk management practice in Ekovest.


Risk appetite is defined as the amount of risk that the Group is willing to accept in the pursuit of its value. Risk appetite is not a single, fixed concept and varies by types of risk and time horizon. In determining the risk appetite of the Group, the Board would consider the capabilities, financial and non-financial resources of the Group and timing.


The responsibilities of Management with respect to risk management are:

i. To implement effective risk management framework;

ii. To monitor and manage risk in accordance with the Group’s overall risk appetite;

iii. To identify changes in material or emerging risks and promptly bring these risks to the attention of the Board;

iv. To promote risk awareness among the employees of the Group;

v. To educate the heads of departments and line managers of their collective assurance responsibilities to the Board;

vi. To present and brief the Board and ARMC of the Group’s risk profile and register;

vii. To assess, update and present the risk status, Management action and result of the risk profile to the Board and ARMC;

viii. To integrate risk management process to standard operating procedures and performance appraisal; and

ix. To assure the Board and ARMC that the Group’s risk management and internal control systems are operating adequately and effectively.


Managing Director and Chief Finance Officer should provide assurance to the Board that risk management processes of the Group are working effectively and all key risks are being managed to an acceptable level.

The annual report and financial statements should include such meaningful information necessary to assist shareholders’ understanding of the main features of the Group’s risk management processes and systems of internal control. In making its disclosures, the Board shall make reference and comply to the latest MCCG,
Bursa’s Listing Requirements and Guidelines on risk management and internal control.